MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008
SHA3-384 hash: a2e4be7b93f13d4dfe8dbde45c6fec7ba251466688ff1898198a873356f109a010e6922ea7bda3b721e54624809bd17e
SHA1 hash: 1ed095b35c48ef0623015d6b4cfc8f182090ec29
MD5 hash: d28a224866d71e2f04236c57de3ea058
humanhash: stairway-july-island-bacon
File name:SecuriteInfo.com.Trojan.Dridex.735.15942.2214
Download: download sample
Signature Dridex
Create hunting rule
File size:868'352 bytes
First seen:2021-01-21 23:53:44 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f4f63e9c9e54a0497e774f15ebdcf087 (27 x Dridex)
ssdeep 12288:BpK8zfRHTVvV/iicxxOdUnyRsy8xLtNalpxIEdRgHCF7RuOwFQLQN41APA31uIEH:zK8zxhtafyS2jIEiCiQGk1f
Threatray 278 similar samples on MalwareBazaar
TLSH F505BF22FA949875F72D13304C73D56246FDBD428A39DD5F32CB291B38A6371B12638A
Reporter SecuriteInfoCom
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/113424/
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.15942.2214.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/587901
Signature
Detected Dridex e-Banking trojan
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008/
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7
Dridex
40e39b3c88888e1ed60908e5e5797ba3566273a9c7cc0e09b39fb615b5ff4b4d
Dridex
5f714d78dd03257b68bc16c365a1b87c5a661e889f83bed1f2c26c133702bc43
Dridex
63c0b217b6c3dbaeea216651daa1a036146a72b24af5ced0f0adc96e02e43e32
Dridex
75ae8e7860355da341bb7d2cd7d50763fc53e14dbf38de4728582b1dd17af15a
Dridex
af47bed31dccde8b7f61405facf49ac172e7a58af7449e53373166b58cc6052f
Dridex
b27e4015c3df0bd4812f4c1b5d031cc1854c4dcc84077a1a8b53c761d352d628
Dridex
b3c2de770dc5f525bbf9e61c581352a9e1222e82347f5e2c8d6459f358466441
Dridex
d7d7c14d84e501b00fd13365034f0e1238248974e48f2e51a5564db065aefd82
Dridex
f9a4f05e5d78ace785001794ebc02cf9239ad95398de7b0915ae2366ea5abeca
Dridex
+ 268 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/210121-xzbhr65qea/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Unpacked files
SH256 hash:
227e9de8469fe920f02614feab4a378d2b863bc3090bc46a73552b55588e464e
MD5 hash:
ebdf9bcfeed9f747518d3fd6249722d0
SHA1 hash:
193ce6be62c657fa657e66f141580a6d7a3836cd
Link:
https://www.unpac.me/results/9b265f6a-e7df-4bf6-bfa5-6a969ff920e4/
SH256 hash:
76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008
MD5 hash:
d28a224866d71e2f04236c57de3ea058
SHA1 hash:
1ed095b35c48ef0623015d6b4cfc8f182090ec29
Link:
https://www.unpac.me/results/9b265f6a-e7df-4bf6-bfa5-6a969ff920e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 76e86edefabd249e9d0ed7f2ee712d69805effd5cf749cb4d7bf96cacbe70008

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/113424/
  
URLhaus
https://urlhaus.abuse.ch/url/973139/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/973107/
  
URLhaus
https://urlhaus.abuse.ch/url/973106/
  
URLhaus
https://urlhaus.abuse.ch/url/973151/
  
URLhaus
https://urlhaus.abuse.ch/url/973145/
  
URLhaus
https://urlhaus.abuse.ch/url/973299/
  
URLhaus
https://urlhaus.abuse.ch/url/973138/
  
URLhaus
https://urlhaus.abuse.ch/url/973144/
  
URLhaus
https://urlhaus.abuse.ch/url/973155/
  
URLhaus
https://urlhaus.abuse.ch/url/973093/
  
URLhaus
https://urlhaus.abuse.ch/url/973170/

Comments