MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777
SHA3-384 hash: 35ce7864a975f23c7a7d7e5a2b5aa4910029d1519cd69f2851a6949a1568d9acb2fb38d52d7b30ae7fe3200f13569050
SHA1 hash: 079372fc499203a85fae6e5fb631e40c4b30ee35
MD5 hash: c30386a1822a9c5b7b49a913c3b17da4
humanhash: alpha-papa-victor-apart
File name:829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777
Download: download sample
Signature Dridex
Create hunting rule
File size:1'060'864 bytes
First seen:2021-09-30 09:40:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c6b4c2eec8a93016c63563421e15f011 (66 x Dridex)
ssdeep 12288:+dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0TO05Esv:IMIJxSDX3bqjhcfHk7MzH6z7qs
Threatray 127 similar samples on MalwareBazaar
TLSH T1FF358E10F3F309C3C09EF6B97CED1824B1835A82C52F8B2E490F53165596BD16EEAA57
File icon (PE):PE icon
dhash icon 44b2686938d8cc00 (67 x Dridex)
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
144
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777
Verdict:
No threats detected
Analysis date:
2021-09-30 10:48:55 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e173fbc0-306a-459f-b44d-7ea541d5bef6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/193456/
Detection(s):
Win.Malware.Dridex-9840807-1
Create hunting rule

Win.Dropper.Dridex-9875456-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process from a recently created file
Deleting a recently created file
Creating a file in the %AppData% subdirectories
Changing a file
Replacing files
Launching the process to change the firewall settings
Creating a process with a hidden window
Creating a file
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Forced shutdown of a browser
Enabling autorun by creating a file
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6f840112-8a72-472b-bff5-e5345d98b8c9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/861768
Signature
Multi AV Scanner detection for submitted file
PE file has nameless sections
Queues an APC in another process (thread injection)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 494200 Sample: uisHQZ9pb8 Startdate: 30/09/2021 Architecture: WINDOWS Score: 56 32 Multi AV Scanner detection for submitted file 2->32 34 PE file has nameless sections 2->34 8 loaddll64.exe 1 2->8         started        11 explorer.exe 175 2->11         started        14 explorer.exe 2->14         started        16 5 other processes 2->16 process3 dnsIp4 36 Queues an APC in another process (thread injection) 8->36 18 cmd.exe 1 8->18         started        20 rundll32.exe 8->20         started        22 rundll32.exe 8->22         started        24 rundll32.exe 8->24         started        30 192.168.2.1 unknown unknown 11->30 signatures5 process6 process7 26 rundll32.exe 18->26         started        process8 28 explorer.exe 26->28 injected
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777/
Threat name:
Win64.Trojan.Injexa
Create hunting rule
Status:
Malicious
First seen:
2021-09-28 21:16:00 UTC
AV detection:
28 of 45 (62.22%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
156cc1e22fedb25a2cd38760f6174e475e5d04f903006e5d786cb752f526af58
Dridex
39aeb4b829dbaf57881874eb22330a8eb8440c9dc7dd49db912a0f05377a9c07
Dridex
42e780640ee233f66b212f13d9a8983241780a3dd2740990cddf0b66ae1468d2
Dridex
4edb85bc25603bb33ddfec00d3258176ea15a736b566b01c298269333bf2b445
Dridex
7630eb99cd2f4a7013bb742dc2b4619ec632924cd3d1a2bdc078b946b7c3efa7
Dridex
9243b9644ef74212a00a79968b2f04c040824aeb470e7d3b4e76d57f1e415f2a
Dridex
953829ec5944a2cd332dfb5ccdc805ef993820366dec2873ed31c1ae3bf6ffe1
Dridex
b1afe9e1801792dfe96eb0a6c71aa98f82067c5454526a7a524a41d5bb8814ac
Dridex
cc7570a8f00ca7bb7fcbf3b585f1125b7ca7c2214064ca9bf8bcbddad224823c
Dridex
d3096ae1aff66b900c5cc8e733e213cda2d01c55848aa8e91dec57f97cb95182
Dridex
+ 117 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/210930-lnrl9shcan/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex Payload
Dridex
Unpacked files
SH256 hash:
829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777
MD5 hash:
c30386a1822a9c5b7b49a913c3b17da4
SHA1 hash:
079372fc499203a85fae6e5fb631e40c4b30ee35
Link:
https://www.unpac.me/results/ee49baba-885a-45f3-af04-dcfad3bf096b/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/829be9339e5b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.72
Link:
https://yomi.yoroi.company/submissions/829be9339e5b2a28d562988e712a26778d19a97d4c7daa365a78e64e45d96777

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/193456/

Comments