MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d844206e982fdaffa520c57c847635102ddf72d893fe896d42581c41c2cfb91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 8



SHA256 hash: 5d844206e982fdaffa520c57c847635102ddf72d893fe896d42581c41c2cfb91
SHA3-384 hash: 7069cd4690d24c2ca5902b2ca83f2399361f9ab187ed956cbbe6cf392371ec659d40db3aa1c6755e30153c1b3ca50228
SHA1 hash: 5659071cebd551acc10a924967a62f15ed798d50
MD5 hash: 5f494117cc701acec3c30f7f318e5584
humanhash: one-foxtrot-sodium-video
File name: 5f494117cc701acec3c30f7f318e5584.dll
Signature: Dridex
File size: 551'936 bytes
First seen: 2020-10-08 12:13:10 UTC
Last seen: 2020-10-08 13:23:48 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 3b55ca563269a7f9dfbe8daa455f9f1e (2 x Dridex)
ssdeep: 6144:l/7ffkHKLXmp/jzFmNr9bzxJ9mFCSMTawWTe80RxH4C6X6CBw0BHIOVf:da/jGrRlJAFCSMGhC806qCrS
Threatray: 19 similar samples on MalwareBazaar
TLSH: CCC4609C4702ADBFD1631137AD3B1D87B458F98A3D69AB3ED413B080207296AF5A4D1F
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 168
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
  Sending a UDP request
  Sending a custom TCP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file

Result
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-10-08 12:15:06 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Score: 10/10
Tags: botnet loader evasion trojan discovery family:dridex
Behaviour:
  Suspicious use of WriteProcessMemory
  Checks installed software on the system
  Checks whether UAC is enabled
  Blacklisted process makes network request
  Dridex Loader
  Dridex

Malware Config
C2 Extraction:
177.87.70.3:443
213.133.102.195:3889
27.254.174.93:33443
27.254.174.77:4443
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL (dll)
SHA256: 5d844206e982fdaffa520c57c847635102ddf72d893fe896d42581c41c2cfb91 (this sample)

Delivery method
Distributed via web download
