MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65
SHA3-384 hash:	c293e54bf7d693a0b034e279654fbaf7550e334aa8e052635c35510910c9f5c1d03b0a87cbdef5d2102d9421d561db2c
SHA1 hash:	f4734112dcfa368d91824d2445abe407aec28106
MD5 hash:	45fd620112253f88cdc8a55eb549cf57
humanhash:	north-india-bravo-bakerloo
File name:	45fd620112253f88cdc8a55eb549cf57.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	551'936 bytes
First seen:	2020-10-08 12:17:28 UTC
Last seen:	2020-10-08 13:24:01 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	c071dd0a8757df1d8d7f5cf05bed6cae (1 x Dridex)
ssdeep	6144:O/jffkHKLXmp/jzFmNr9bzxJ9mFCSMTawWTe80RxH4C6X6CBw0BHIOVlJ:ka/jGrRlJAFCSMGhC806qCrSC
Threatray	20 similar samples on MalwareBazaar
TLSH	EEC4609C4702ADBFD1631137AD3B1D87B458F98A3D69AB3ED413B080207296AF5A4D1F
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

168

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/69191/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/485305

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2020-10-08 12:19:05 UTC

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=76rdjcbuz5dmfx23gbivmwjmuwbov5ybu6btzhbttmqvvrnz3nsq._file

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

botnet loader evasion trojan discovery family:dridex

Link:

https://tria.ge/reports/201008-rq1jvcsyzn/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blacklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

177.87.70.3:443
213.133.102.195:3889
27.254.174.93:33443
27.254.174.77:4443

Unpacked files

SH256 hash:

ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65

MD5 hash:

45fd620112253f88cdc8a55eb549cf57

SHA1 hash:

f4734112dcfa368d91824d2445abe407aec28106

Link:

https://www.unpac.me/results/d0ab47ed-eff3-4177-bda4-6071bb2bb04c/

SH256 hash:

fab0ad8a99bdbf7835f1e8df7ff49f8f8cd95a75c00e1928e7755edb5c093178

MD5 hash:

c2b570e623a9dde6d99f2a3479c0fe6e

SHA1 hash:

10fae8dd2ab697607bb1335fc3b2b889f1df430e

Link:

https://www.unpac.me/results/d0ab47ed-eff3-4177-bda4-6071bb2bb04c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/664874/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/69191/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample