MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 560478c5532f341407bed4a90de3f7a53bb36d500691f1f41e7d18a44f354f8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 560478c5532f341407bed4a90de3f7a53bb36d500691f1f41e7d18a44f354f8a
SHA3-384 hash: 0f07faf246321d19fde521e5385c1dc4a3fea40c7f1aada2a956999fc94e4ef345b5c73a9346bd0d9b2a59fa5472c1e4
SHA1 hash: 2daeeb9448614ad10b35b9d4c99ba607ef647f6e
MD5 hash: f43ddf640bee9dbe07e2383490af00ce
humanhash: princess-leopard-coffee-hydrogen
File name:tjbdhdvi1.zip.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:624'128 bytes
First seen:2020-11-25 15:51:36 UTC
Last seen:2020-11-26 04:52:37 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 2c9e1575c7fa7654def2836292f4f0de (1 x Dridex)
ssdeep 12288:FOnULafAehVDsWnbQD71ween08XbiCLCOPboGxZ:F7LarsCQD71weG0uiCeOzoGxZ
Threatray 179 similar samples on MalwareBazaar
TLSH 95D4E012F395C072E5671334907BC5E287BD3A014B7889E7B2E61B6F6D632F52638386
Reporter James_inthe_box
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
3
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105653/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/547123
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/560478c5532f341407bed4a90de3f7a53bb36d500691f1f41e7d18a44f354f8a/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 15:51:10 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
174c621f41276dd1732bb57b4e44aa0c5476ee3bf890a3ba0e02f7565d283d9c
Dridex
4ef049a69d2343a538b8563388f2a9f6838e8e864c6738b1e4934a4e377369a9
Dridex
52dc6da720ff69d8dea66a117fb1fd57e7db0366ec7f55b05cce18f6a3477cc8
Dridex
538201e92e10aa1a386750edf50216ef4a274b19039642eb10e7c453c9a8f192
Dridex
83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410
Dridex
8a0258361b87a73111afc4fb6f2cf121aa3a52122577a3692628e577ab202a34
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
d554bef77e35bbaa325fc61e5bca1ae419f9b2222110c913eb09b9369563c061
Dridex
ee397380005f89781c43853c6d2a8922d8570b43208b9f7162c6e4c5903e33b7
Dridex
fd6f6c377f403f5faccf5c4bb03a0d5af94f7f57ac13572a42b187cdbda027cc
Dridex
+ 169 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201125-kwy2nqvvx6/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
Unpacked files
SH256 hash:
560478c5532f341407bed4a90de3f7a53bb36d500691f1f41e7d18a44f354f8a
MD5 hash:
f43ddf640bee9dbe07e2383490af00ce
SHA1 hash:
2daeeb9448614ad10b35b9d4c99ba607ef647f6e
Link:
https://www.unpac.me/results/37d89d0d-3b81-4d2d-b656-9ca6e9c44a0d/
SH256 hash:
04b963a4f6e42bdb53324247dc1a085fd0058039f05f30b0265fb13dbfa06e6f
MD5 hash:
ddc6c59273cba74d2f19e6cde76d646e
SHA1 hash:
070bec53c8e39ca795e7a097eba8ce09d3c440b2
Link:
https://www.unpac.me/results/37d89d0d-3b81-4d2d-b656-9ca6e9c44a0d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/560478c5532f341407bed4a90de3f7a53bb36d500691f1f41e7d18a44f354f8a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_dridex_loader_v2
Create hunting rule
Author:Johannes Bader @viql
Description:detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/853533/
  
URLhaus
https://urlhaus.abuse.ch/url/853534/
  
URLhaus
https://urlhaus.abuse.ch/url/853538/
  
URLhaus
https://urlhaus.abuse.ch/url/853537/
  
URLhaus
https://urlhaus.abuse.ch/url/853539/
  
URLhaus
https://urlhaus.abuse.ch/url/853535/
  
URLhaus
https://urlhaus.abuse.ch/url/853532/
  
URLhaus
https://urlhaus.abuse.ch/url/853536/
  
URLhaus
https://urlhaus.abuse.ch/url/854404/
Cape
Cape
https://www.capesandbox.com/analysis/105653/

Comments