MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59
SHA3-384 hash: 562741fdfdfd6493fa3ddd8909c71a1487252d5606ce57268cf409d1893c01935d9796a79a3c76d445101614185aa8ff
SHA1 hash: 74bc398220c83191c8bb493ce30acd4400917d66
MD5 hash: fe8f4b38ff583c42c615696097e1c196
humanhash: chicken-hotel-princess-robert
File name:bpcoxf.tar.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:942'080 bytes
First seen:2021-02-17 16:43:15 UTC
Last seen:2021-02-18 11:55:59 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 2b5af016caf77cb8f1d9180b332d8806 (11 x Dridex)
ssdeep 24576:EfWfnaVoffEQmyO378WTkvEKT9Hgce1BHbowCm:Euaq34yDWTkvvT9HgdbowC
Threatray 456 similar samples on MalwareBazaar
TLSH 2815E0007682C072D4A59774CD28D1FD8A69BE65CF2008EB73D43FAF3A755C18E35A6A
Reporter JAMESWT_WT
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
4
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.fe8f4b38ff583c42.27605.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/610630
Signature
C2 URLs / IPs found in malware configuration
Detected Dridex e-Banking trojan
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-02-17 16:44:09 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
30b6438b14eac5337f6d0f81997a4fce356611fc19155ae3650d5df21e894e74
Dridex
48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c
Dridex
8195c0e6b5bd6b39c5b8aec47f10a973501ba9a9dc17967141545fda31a7188e
Dridex
8243d4138835db46bef1051fd0b396a110968deb97078b07fbd6ab60b6cc3bc3
Dridex
96b51e628389b4044eb4c4d262deadbcfa778db13a7768ab7806b0e1f81d2ebf
Dridex
ac152e73957a8cb702eb7f18bb38e2bf92e4702e108ac71d403b829600b2029f
Dridex
b6ab389440b4a038ffde4ca381640a0bd982f8e970bcffdbe82629c0ae395ca7
Dridex
b6bd8479ef5943eaf26efdcda11ab09bf0569ad2295ba905fc0901511ca7c286
Dridex
e21e27fda96e53f7102ce676de46f464d0ee21341365c161facc2f42807ce1e3
Dridex
f4aaca975059e9bd029b5f7b0e7089eef5422aae9c676ab160467ef3424afd2b
Dridex
+ 446 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/210217-z9mx4zar4e/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Unpacked files
SH256 hash:
de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59
MD5 hash:
fe8f4b38ff583c42c615696097e1c196
SHA1 hash:
74bc398220c83191c8bb493ce30acd4400917d66
Link:
https://www.unpac.me/results/3090c8f7-1985-4017-b822-7f521927735e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1016148/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1016113/
  
URLhaus
https://urlhaus.abuse.ch/url/1016128/
  
URLhaus
https://urlhaus.abuse.ch/url/1016142/
  
URLhaus
https://urlhaus.abuse.ch/url/1016100/
  
URLhaus
https://urlhaus.abuse.ch/url/1016134/
  
URLhaus
https://urlhaus.abuse.ch/url/1016109/
  
URLhaus
https://urlhaus.abuse.ch/url/1016124/
  
URLhaus
https://urlhaus.abuse.ch/url/1016108/

Comments