MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc
SHA3-384 hash: bc416333c11577e6b4722eaf2f890cf73f5928611462fe13b3534a16e31ecb052d973449dd60399ba1ccf87daeecd071
SHA1 hash: 1c6e76af95f2a17b8e518965d62b3c9d7ecba6d5
MD5 hash: 6779daf60f7aa4bc357b264f32ff6cde
humanhash: beer-arkansas-colorado-river
File name:r.dll
Download: download sample
File size:196'984 bytes
First seen:2023-08-12 09:32:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a56f115ee5ef2625bd949acaeec66b76 (53 x Stealc, 47 x PureHVNC, 33 x CoinMiner)
ssdeep 6144:oZU+Q0/Xns9tMYN1fPdqTBNPenpNgpiF69:oS+Q289tMq1oPenPgpiF69
TLSH T119144A2AB2F294ACC9A7C27041BB81316D31FC751B31DA3F27D4EB350F22E50965AE65
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.6% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter JAMESWT_WT
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
r.dll
Verdict:
No threats detected
Analysis date:
2023-08-12 09:36:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/73447b0d-b53b-443a-ac50-47f6557f301b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/442350/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68637406.3278.21925.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
lolbin masquerade overlay packed replace
Link:
https://www.filescan.io/uploads/64d751cfab41059bd4cb2377/reports/e71e2629-087f-4108-af71-0d2a0fb634eb/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2433c7a5-d74d-4315-80cc-f528aefbfc32
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1290456
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1290456 Sample: r.dll.exe Startdate: 12/08/2023 Architecture: WINDOWS Score: 48 19 Multi AV Scanner detection for submitted file 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        13 rundll32.exe 7->13         started        15 8 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2023-08-08 21:55:59 UTC
File Type:
PE+ (Dll)
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4hjmsxw2oumqdjf5vz52hanyl5oxsznqll7ciw24xlgm5hwpwc6a._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230812-lh7fjadb21/
Unpacked files
SH256 hash:
e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc
MD5 hash:
6779daf60f7aa4bc357b264f32ff6cde
SHA1 hash:
1c6e76af95f2a17b8e518965d62b3c9d7ecba6d5
Link:
https://www.unpac.me/results/048d3197-7c54-4b96-a89d-ed6541f18aa3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.75
Link:
https://yomi.yoroi.company/submissions/e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc

(this sample)

IcedID

Executable exe a3fa68045d0106d6db3d43df6b5997d9034f9f7d2a34148187498e4b504ebf58

Cape
Cape
https://www.capesandbox.com/analysis/442350/
  
Dropping
SHA256 a3fa68045d0106d6db3d43df6b5997d9034f9f7d2a34148187498e4b504ebf58
  
Dropping
MD5 06cc2fdfd408c15a1e16adfb46e8bb38

Comments