MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3
SHA3-384 hash: 7dbe24314c440e7879da0068e8d462e70c43dafb686fdfedbed49876b0a5f1618618abba121f456d7c3e31ed8ccf6c6d
SHA1 hash: 2cee7ebae23e10fd985faaefad7c827be568982a
MD5 hash: e2c08e17d07378e47eb16af7e2e4aa45
humanhash: orange-hydrogen-foxtrot-ten
File name:SecuriteInfo.com.Generic.mg.e2c08e17d07378e4.3122
Download: download sample
Signature Dridex
Create hunting rule
File size:795'648 bytes
First seen:2020-12-09 19:39:00 UTC
Last seen:2020-12-10 14:29:41 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 843394a2391391a911183c37c4efcf44 (1 x Dridex)
ssdeep 12288:U8d+BcYfNcODYVNqNSGdv43hAS8Rqc9x56:J+BLbDYjqN7xAAR/Y
Threatray 231 similar samples on MalwareBazaar
TLSH 6D055B63E6A85460F32A033148B7A55387FDBE40CA7D9D9732CB350B38A77B17529389
Reporter SecuriteInfoCom
Tags:Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
jn0zjs73q.zip
Verdict:
No threats detected
Analysis date:
2020-12-10 17:57:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/12b2c1f3-6462-4111-9932-022e9a9a4006

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107547/
Detection(s):
SecuriteInfo.com.Generic.mg.e2c08e17d07378e4.3122.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex Dridex Dropper
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/559546
Signature
Detected Dridex e-Banking trojan
Dridex dropper found
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3/
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-12-09 17:16:56 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
2fc3cb59c6857ff712e6fb5f29536a51962edd2ef374e6f2cd18c9145d275c9f
Dridex
59bcb00ad3c245e8c5b1de2341cc494a469513019a972f874f775b2266cd5015
Dridex
6bda1885bb0337153468b0f8bc583130bd259c381b93f810ecb8b03eec8f0675
Dridex
79a3a7441a371606291f8bd47216a503b27a38ec61ba7604c9ba2597a54cc3d8
Dridex
91c376e46a03fd60bd99fac07389eea32d1098ee23ac154aedd90025bc64528a
Dridex
b7a5135fb78a58682cc0de111468bb007d1f8c78bbd561d3f155809b6e991a29
Dridex
b7ab5a09792860c1c1ed7771ad1b8641bce13fadf401c56be159ad3219ebf3bc
Dridex
c9543baa2ba0d7d8b670213c02ba258041823cf79f558a3c7e4c9ad7923b2bc3
Dridex
e82b0b808ec6cf97f4318b3db1e7ac06cfd5b3e04569f61830e3f58fc34eb75b
Dridex
fa4745a9f86a7516cc6fdf77834b1b9ab83ba3a29743461eabe2bec180c9de86
Dridex
+ 221 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201209-xds9es217e/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
169.255.216.36:443
138.201.138.91:3389
89.174.36.41:4643
87.106.89.36:3389
Unpacked files
SH256 hash:
893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3
MD5 hash:
e2c08e17d07378e47eb16af7e2e4aa45
SHA1 hash:
2cee7ebae23e10fd985faaefad7c827be568982a
Link:
https://www.unpac.me/results/14013046-6846-4bc0-b588-b8a61da90cd6/
SH256 hash:
5a9988396b0f4701c979671946161d2e84d1ccda8be3c559f1328306f30a691d
MD5 hash:
37a2678e0012188863e09b4cb8f83989
SHA1 hash:
cba52f024e25ffa6a6dd01410f8d9ddb4c36c0d2
Link:
https://www.unpac.me/results/14013046-6846-4bc0-b588-b8a61da90cd6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 893c7494c17b3d779e43c3b6e10f31171d23cdf0ad7f6bf4df40420496ddeba3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/902125/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/902119/
  
URLhaus
https://urlhaus.abuse.ch/url/902082/
  
URLhaus
https://urlhaus.abuse.ch/url/902064/
  
URLhaus
https://urlhaus.abuse.ch/url/902078/
  
URLhaus
https://urlhaus.abuse.ch/url/902076/
  
URLhaus
https://urlhaus.abuse.ch/url/902079/
  
URLhaus
https://urlhaus.abuse.ch/url/902053/
  
URLhaus
https://urlhaus.abuse.ch/url/902131/
  
URLhaus
https://urlhaus.abuse.ch/url/902075/
  
URLhaus
https://urlhaus.abuse.ch/url/902058/
  
URLhaus
https://urlhaus.abuse.ch/url/902126/
  
URLhaus
https://urlhaus.abuse.ch/url/902074/
  
URLhaus
https://urlhaus.abuse.ch/url/902067/
  
URLhaus
https://urlhaus.abuse.ch/url/902109/
  
URLhaus
https://urlhaus.abuse.ch/url/902052/
  
URLhaus
https://urlhaus.abuse.ch/url/902110/
  
URLhaus
https://urlhaus.abuse.ch/url/902055/
  
URLhaus
https://urlhaus.abuse.ch/url/902062/
  
URLhaus
https://urlhaus.abuse.ch/url/902063/
  
URLhaus
https://urlhaus.abuse.ch/url/902107/
  
URLhaus
https://urlhaus.abuse.ch/url/902108/
  
URLhaus
https://urlhaus.abuse.ch/url/902066/
  
URLhaus
https://urlhaus.abuse.ch/url/902098/
  
URLhaus
https://urlhaus.abuse.ch/url/902061/
  
URLhaus
https://urlhaus.abuse.ch/url/902088/
  
URLhaus
https://urlhaus.abuse.ch/url/902056/
  
URLhaus
https://urlhaus.abuse.ch/url/902124/
  
URLhaus
https://urlhaus.abuse.ch/url/902094/
  
URLhaus
https://urlhaus.abuse.ch/url/902070/
  
URLhaus
https://urlhaus.abuse.ch/url/902072/
  
URLhaus
https://urlhaus.abuse.ch/url/902068/
  
URLhaus
https://urlhaus.abuse.ch/url/902077/
  
URLhaus
https://urlhaus.abuse.ch/url/902083/
  
URLhaus
https://urlhaus.abuse.ch/url/902059/
  
URLhaus
https://urlhaus.abuse.ch/url/902101/
  
URLhaus
https://urlhaus.abuse.ch/url/902129/
  
URLhaus
https://urlhaus.abuse.ch/url/902084/
  
URLhaus
https://urlhaus.abuse.ch/url/902089/
  
URLhaus
https://urlhaus.abuse.ch/url/902085/
  
URLhaus
https://urlhaus.abuse.ch/url/902080/
  
URLhaus
https://urlhaus.abuse.ch/url/902646/
  
URLhaus
https://urlhaus.abuse.ch/url/902054/
  
URLhaus
https://urlhaus.abuse.ch/url/902103/
  
URLhaus
https://urlhaus.abuse.ch/url/902104/
  
URLhaus
https://urlhaus.abuse.ch/url/902073/
  
URLhaus
https://urlhaus.abuse.ch/url/902051/
  
URLhaus
https://urlhaus.abuse.ch/url/902081/
Cape
Cape
https://www.capesandbox.com/analysis/107547/
  
URLhaus
https://urlhaus.abuse.ch/url/903012/
  
URLhaus
https://urlhaus.abuse.ch/url/903013/
  
URLhaus
https://urlhaus.abuse.ch/url/903014/
  
URLhaus
https://urlhaus.abuse.ch/url/903017/
  
URLhaus
https://urlhaus.abuse.ch/url/903016/
  
URLhaus
https://urlhaus.abuse.ch/url/903015/
  
URLhaus
https://urlhaus.abuse.ch/url/903018/
  
URLhaus
https://urlhaus.abuse.ch/url/903019/
  
URLhaus
https://urlhaus.abuse.ch/url/903021/
  
URLhaus
https://urlhaus.abuse.ch/url/903028/
  
URLhaus
https://urlhaus.abuse.ch/url/903027/
  
URLhaus
https://urlhaus.abuse.ch/url/903030/
  
URLhaus
https://urlhaus.abuse.ch/url/903031/
  
URLhaus
https://urlhaus.abuse.ch/url/903032/
  
URLhaus
https://urlhaus.abuse.ch/url/903034/
  
URLhaus
https://urlhaus.abuse.ch/url/903033/
  
URLhaus
https://urlhaus.abuse.ch/url/903036/
  
URLhaus
https://urlhaus.abuse.ch/url/903037/
  
URLhaus
https://urlhaus.abuse.ch/url/903038/
  
URLhaus
https://urlhaus.abuse.ch/url/903041/
  
URLhaus
https://urlhaus.abuse.ch/url/903042/
  
URLhaus
https://urlhaus.abuse.ch/url/903043/
  
URLhaus
https://urlhaus.abuse.ch/url/903045/
  
URLhaus
https://urlhaus.abuse.ch/url/903046/
  
URLhaus
https://urlhaus.abuse.ch/url/903049/
  
URLhaus
https://urlhaus.abuse.ch/url/903048/
  
URLhaus
https://urlhaus.abuse.ch/url/903050/
  
URLhaus
https://urlhaus.abuse.ch/url/903051/
  
URLhaus
https://urlhaus.abuse.ch/url/903054/
  
URLhaus
https://urlhaus.abuse.ch/url/903053/
  
URLhaus
https://urlhaus.abuse.ch/url/903058/
  
URLhaus
https://urlhaus.abuse.ch/url/903059/
  
URLhaus
https://urlhaus.abuse.ch/url/903060/
  
URLhaus
https://urlhaus.abuse.ch/url/903061/
  
URLhaus
https://urlhaus.abuse.ch/url/903064/
  
URLhaus
https://urlhaus.abuse.ch/url/903068/
  
URLhaus
https://urlhaus.abuse.ch/url/904545/
  
URLhaus
https://urlhaus.abuse.ch/url/904566/
  
URLhaus
https://urlhaus.abuse.ch/url/904565/
  
URLhaus
https://urlhaus.abuse.ch/url/904574/
  
URLhaus
https://urlhaus.abuse.ch/url/904585/
  
URLhaus
https://urlhaus.abuse.ch/url/904592/
  
URLhaus
https://urlhaus.abuse.ch/url/904591/

Comments