MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
SHA3-384 hash: 093da1cbc664d3da4afa5e016b3006f0a5d52d77613a9e93141a493dbe4747b12067a00a7f590346b59621c0f5cf9d2a
SHA1 hash: 2ccd4176557f558804ce4a8562bf194a35699653
MD5 hash: ced0ea44459ab18ff0ef3362ef933579
humanhash: oven-magnesium-jersey-mobile
File name:ced0ea44459ab18ff0ef3362ef933579.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:623'616 bytes
First seen:2020-10-07 17:07:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 3b55ca563269a7f9dfbe8daa455f9f1e (2 x Dridex)
ssdeep 6144:P/JffzAu5ABXV93xkF2p/pzTa7AylqQnmlLAcEVdcsvj8Fb2VnwKbE9FaO:RLAR3xtTa9mlKcsmbT7na
Threatray 18 similar samples on MalwareBazaar
TLSH 99D4829C4746ADBFD1631137AD3B1D87B458FD8A3959AB3ED013B08020B296AF4A4D1F
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
197
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69005/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/484476
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-10-07 17:09:05 UTC
File Type:
PE (Dll)
Extracted files:
22
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p6otj2a5tw5k35jfhmqz6bfboarcmbziqrjbvdqs5dezysp6dgha._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959
Dridex
2dc73ab125bbcfcaa2ad81debaa45da08adcfe021761d04c606812bf3748df68
Dridex
5134abe5dc819aae6cd91607cad4ab81f79dae8531dbdbfcac3631d95f82ab4c
Dridex
7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016
Dridex
9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383
Dridex
adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895
Dridex
d0b22ae087511553366f2c9292424f5f3bebbbe621ed54a91d52b9f8d96f594e
Dridex
fa4745a9f86a7516cc6fdf77834b1b9ab83ba3a29743461eabe2bec180c9de86
Dridex
+ 8 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
botnet loader evasion trojan discovery family:dridex
Link:
https://tria.ge/reports/201007-1tpy4m3gy2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
177.87.70.3:443
213.133.102.195:3889
27.254.174.93:33443
27.254.174.77:4443
Unpacked files
SH256 hash:
fab0ad8a99bdbf7835f1e8df7ff49f8f8cd95a75c00e1928e7755edb5c093178
MD5 hash:
c2b570e623a9dde6d99f2a3479c0fe6e
SHA1 hash:
10fae8dd2ab697607bb1335fc3b2b889f1df430e
Link:
https://www.unpac.me/results/3b2db90e-fa75-4718-b952-081089f29f6b/
SH256 hash:
7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
MD5 hash:
ced0ea44459ab18ff0ef3362ef933579
SHA1 hash:
2ccd4176557f558804ce4a8562bf194a35699653
Link:
https://www.unpac.me/results/3b2db90e-fa75-4718-b952-081089f29f6b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/664874/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/665504/
Cape
Cape
https://www.capesandbox.com/analysis/69005/
  
URLhaus
https://urlhaus.abuse.ch/url/666683/

Comments