MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282
SHA3-384 hash: 47a0101152a6e0166e2391e4179ded19b4de49524fb427cb3f6797397263707a7838836f50e266f05dafcf1e4ea84de4
SHA1 hash: f34a851e56886ac885b96c7ad75a991b32f94c97
MD5 hash: 430d71d5553ca41af541f4037fc1e566
humanhash: social-asparagus-ink-muppet
File name:430d71d5553ca41af541f4037fc1e566.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:598'528 bytes
First seen:2022-02-02 08:40:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2d2acfa04bab8332c47a698164bea129 (1 x IcedID)
ssdeep 12288:ha8LsdGB012yPSoFT8tTwbBhnjDY7qwtIzE:ha8LsS012yPSU8tIhPdDo
Threatray 157 similar samples on MalwareBazaar
TLSH T112D4C016637507F9F06794388C634902DA717CB12371D1EFA3A1225B4E3BBE1663BB26
Reporter abuse_ch
Tags:dll exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/229878/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5764/overview
Behaviour
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware packed warp
Link:
https://www.filescan.io/uploads/61fa43a018d1bfdde4ea58f1/reports/b82e4fa3-27f8-460e-a600-be610582b878/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/75ed70dc-96a2-4dd2-a9d3-3021eae9302a
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/932952
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 565426 Sample: wiO3E6SuVB.dll Startdate: 03/02/2022 Architecture: WINDOWS Score: 76 20 cleverballs.com 2->20 22 tp.8e49140c2-frontier.amazon.com 2->22 24 2 other IPs or domains 2->24 26 Multi AV Scanner detection for domain / URL 2->26 28 Multi AV Scanner detection for submitted file 2->28 30 Yara detected IcedID 2->30 32 Sigma detected: Suspicious Call by Ordinal 2->32 8 loaddll64.exe 1 2->8         started        signatures3 process4 process5 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 2 other processes 8->16 process6 18 rundll32.exe 10->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Suspicious
First seen:
2022-02-02 08:41:18 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
071daa2f0bf9d587dd5a1abf995af47a25295242023c86ba8f3f95f1c317ddb6
IcedID
32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9
IcedID
3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e
IcedID
41882804f7c0408c2bb901518b6b5434de7926e809ba571728e459229238024b
IcedID
6cf97e438fd5be6092a4337dc225ce9a134b5afe2c10638ab09deca00589b813
IcedID
6e486da9c8430de910b8d1f3c86b4f1dd787591232f854b3d1d77d39606014cb
IcedID
8086e227c4b65c33d119a8d8793d71eb679391508df6caef94974a03d9acc310
IcedID
9aa8a2e20b6d56d65e0448d0959db9870f0c35f1c8491928b14a3487c2f4e047
IcedID
a61b1d70d469b8ca7acdbd26fc859e6aeb229c4636fe9c92eac856914f326ac8
IcedID
ef52b91ce259be65a829fea2a25ce228100d34cff4200386419fe7c00fca893b
IcedID
+ 147 additional samples on MalwareBazaar
Gathering data
Unpacked files
SH256 hash:
dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282
MD5 hash:
430d71d5553ca41af541f4037fc1e566
SHA1 hash:
f34a851e56886ac885b96c7ad75a991b32f94c97
Link:
https://www.unpac.me/results/50e2940b-b6aa-4018-ba52-9dbf34130265/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win64_bazarloader_packed_sep21
Create hunting rule
Author:Rony (@r0ny_123)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

Executable exe dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2021123/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/229878/

Comments