MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410
SHA3-384 hash: edc3ca14ff770e817ec8030d96b946684b973e9aece45f1252c86e4cfa5267e139da5f66cdbb917c34fae83a2ab4b19f
SHA1 hash: ccdd7e12587ce16013fe5cbf5b3ac7ba9c7bd910
MD5 hash: 06888708e24aa2bad5f12b668063e0d8
humanhash: july-nevada-magnesium-rugby
File name:06888708e24aa2bad5f12b668063e0d8.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:512'000 bytes
First seen:2020-11-19 06:06:47 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 9ce056f8aa7425c9e5c947787e31ceea (1 x Dridex)
ssdeep 6144:EPYdyni6Kud+NRZpmrQJGnipcVTtRyyac/XGeodGJXYmzowTfM7t3zDu2v:4Ri6YHZQrQYiWlHPboMJNowTGFzD3
Threatray 152 similar samples on MalwareBazaar
TLSH D0B40222B3E1C031E9778238989EC1E2CB367E1187B8458772D51B5FAFA31F45636786
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
141
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/542244
Signature
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-18 18:41:02 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qpbzbwbodg7oyfgqa63tkd2cs3bdz2nt2ey2gzyoxn2cjlmroqia._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
00777c86e585397754f0e73a927bcaa3e39a4948d9bb28e758f0f5bfdac1eef4
Dridex
0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959
Dridex
174c621f41276dd1732bb57b4e44aa0c5476ee3bf890a3ba0e02f7565d283d9c
Dridex
24e9d45999add1dac491b4c3cfb55b77b95a46bc693eec9df56d6194b7fbe25e
Dridex
4ef049a69d2343a538b8563388f2a9f6838e8e864c6738b1e4934a4e377369a9
Dridex
8a0258361b87a73111afc4fb6f2cf121aa3a52122577a3692628e577ab202a34
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895
Dridex
b7a5135fb78a58682cc0de111468bb007d1f8c78bbd561d3f155809b6e991a29
Dridex
fd6f6c377f403f5faccf5c4bb03a0d5af94f7f57ac13572a42b187cdbda027cc
Dridex
+ 142 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201119-kxtdqptne6/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
Unpacked files
SH256 hash:
83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410
MD5 hash:
06888708e24aa2bad5f12b668063e0d8
SHA1 hash:
ccdd7e12587ce16013fe5cbf5b3ac7ba9c7bd910
Link:
https://www.unpac.me/results/d299e339-e34e-4704-abd3-b86f7be2c658/
SH256 hash:
d706f3c19586af4f5c3d7e70215194c4b1f46f543c86372a0ffb51d8353b434a
MD5 hash:
f04b91ad4238cbd89d4b03ba0e3eba54
SHA1 hash:
b4c3af2010222455b6bce1c83f28aad9c57e6b1d
Link:
https://www.unpac.me/results/d299e339-e34e-4704-abd3-b86f7be2c658/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 83c390d82e19beec14d007b7350f4296c23ce9b3d131a3670ebb7424ad917410

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/829552/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/829481/
  
URLhaus
https://urlhaus.abuse.ch/url/829470/
  
URLhaus
https://urlhaus.abuse.ch/url/829554/
  
URLhaus
https://urlhaus.abuse.ch/url/829553/
  
URLhaus
https://urlhaus.abuse.ch/url/829479/
  
URLhaus
https://urlhaus.abuse.ch/url/829383/
  
URLhaus
https://urlhaus.abuse.ch/url/829482/
  
URLhaus
https://urlhaus.abuse.ch/url/829465/
  
URLhaus
https://urlhaus.abuse.ch/url/829555/
  
URLhaus
https://urlhaus.abuse.ch/url/829497/
  
URLhaus
https://urlhaus.abuse.ch/url/829480/
  
URLhaus
https://urlhaus.abuse.ch/url/829490/
  
URLhaus
https://urlhaus.abuse.ch/url/829467/
  
URLhaus
https://urlhaus.abuse.ch/url/829472/
  
URLhaus
https://urlhaus.abuse.ch/url/829498/
  
URLhaus
https://urlhaus.abuse.ch/url/829486/
  
URLhaus
https://urlhaus.abuse.ch/url/829556/
  
URLhaus
https://urlhaus.abuse.ch/url/829485/
  
URLhaus
https://urlhaus.abuse.ch/url/829496/

Comments