MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd
SHA3-384 hash:	2293ccde6009642896ec39311eb123c9bf6d80d853c4b3b1736e4fd3c9294ab8600119f56cca730fa845b4c206c218af
SHA1 hash:	2bbca22cb0355f1ad4acedd9dd69ebaaeddf6b9e
MD5 hash:	031f318c8ab815cda0d447904a925cf7
humanhash:	mike-paris-triple-arizona
File name:	lJLGhCR1BZpq9-S4xC4DlE8Ik4JD_jk3E6WmqTDXm80.bin
Download:	download sample
Signature	Dridex Create hunting rule
File size:	331'776 bytes
First seen:	2020-09-24 11:19:32 UTC
Last seen:	2020-09-24 12:52:54 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	dc2ed48ba38dc3cd99f10d806fe1d696 (1 x Dridex)
ssdeep	6144:m7fWXIrEU401YJpdX9IPS/AE8ZqJ5kHXBB0X3v8HoFS:m7fMUF1YJjX9fZ8ZmgE3Gx
Threatray	27 similar samples on MalwareBazaar
TLSH	D464E092E2EE6300F4F7DBF0D471C2167E9E7D95A97AC2AC41141C4BA653A50CEA43F2
Reporter	Anonymous
Tags:	Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

175

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Downloader.fc.27180.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/474187

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-09-24 11:21:06 UTC

File Type:

PE (Dll)

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Verdict:

malicious

Label(s):

emotet

Result

Malware family:

dridex

Score:

10/10

Tags:

botnet loader family:dridex

Link:

https://tria.ge/reports/200924-fba1dxwcre/

Behaviour

Suspicious use of WriteProcessMemory

Dridex Loader

Dridex

Malware Config

C2 Extraction:

151.236.219.181:443
142.4.6.57:14043
162.144.127.197:3786
103.40.116.68:5443

Unpacked files

SH256 hash:

9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd

MD5 hash:

031f318c8ab815cda0d447904a925cf7

SHA1 hash:

2bbca22cb0355f1ad4acedd9dd69ebaaeddf6b9e

Link:

https://www.unpac.me/results/d4c3944c-d51a-438c-a338-0144f98ae19e/

SH256 hash:

60cf07aecb7d53b9e46582575c182159860af023100cd6d142f3d461f6768e5f

MD5 hash:

d2ec817d5fe3c37f2fa57e7aece2a781

SHA1 hash:

005579c0e0a47b6ee63af2f83a5016409f9f87cf

Link:

https://www.unpac.me/results/d4c3944c-d51a-438c-a338-0144f98ae19e/

SH256 hash:

8b3182f4f819bdc27385b887aa4663febbea7689da430e38f860d38fd233a8b9

MD5 hash:

e32688a4c909486ca4ffd00c3d1e6c1b

SHA1 hash:

d945aee52f75e56e3fd6217432f28b224f016841

Detections:

win_dridex_auto

Link:

https://www.unpac.me/results/d4c3944c-d51a-438c-a338-0144f98ae19e/

Parent samples :

9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd
fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/65325/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample