MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 014f37edfd2c8c498009a71d529838477459cb643ebdb35bf176a41ad7681035. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Dridex
Vendor detections: 6
| SHA256 hash: | 014f37edfd2c8c498009a71d529838477459cb643ebdb35bf176a41ad7681035 |
|---|---|
| SHA3-384 hash: | c1cceff1cc2c9a50603e7874db89fa8beae7a64ef377ff053cb069448bf3ad9f81886e5e507f42e4ea8649551c3a5851 |
| SHA1 hash: | 98ec9e5e06edf06a7f55517a6b19bba2fb915f9a |
| MD5 hash: | f17eab4b9fa2d9cc97ec95bcf7b76479 |
| humanhash: | magnesium-massachusetts-utah-oklahoma |
| File name: | SecuriteInfo.com.BehavesLike.Win32.Dropper.dc.4273 |
| Signature | Dridex |
| File size: | 221'184 bytes |
| First seen: | 2020-11-23 22:53:28 UTC |
| Last seen: | 2020-11-23 23:57:42 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | 5da19dcc64b843868370fc6bfebaf47e (3 x Dridex) |
| ssdeep: | 3072:pU/nIavARia3SsHlptUEb1Z+MfYwbKLIMr2b7XFTfnyrvsherh:pGnvvARmsH1Zxfzmv2vFTarL |
| Threatray: | 5 similar samples on MalwareBazaar |
| TLSH: | C824021687C433BAD678B777B55A8C3183B0B64885BDCF1FAB2C84809925747EA1762C |
| Reporter: | |
| Tags: | Dridex |
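A downloaded sample should be checked against every digest in the table before it is handled as the catalogued file. The following is an added example for this page, not MalwareBazaar's own code: it streams a file once, computes MD5, SHA1, SHA256 and SHA3-384 with the standard library, and compares them and the file size with the values listed above. The bytes used at the bottom are a constructed stand-in, since the real sample is not on this page.

```python
"""Verify a downloaded file against the digests listed in this entry.

Added example; not MalwareBazaar's own code. The digests and size are
copied from the entry table above. FAKE_SAMPLE is a constructed
placeholder, not the real sample.
"""
import hashlib
import hmac

# Size and digests as listed in the entry above.
ENTRY_SIZE = 221184
ENTRY_HASHES = {
    "md5": "f17eab4b9fa2d9cc97ec95bcf7b76479",
    "sha1": "98ec9e5e06edf06a7f55517a6b19bba2fb915f9a",
    "sha256": "014f37edfd2c8c498009a71d529838477459cb643ebdb35bf176a41ad7681035",
    "sha3_384": (
        "c1cceff1cc2c9a50603e7874db89fa8beae7a64ef377ff053cb069448bf3ad9f"
        "81886e5e507f42e4ea8649551c3a5851"
    ),
}


def digest_stream(chunks, algorithms=tuple(ENTRY_HASHES)):
    """Compute every listed digest in a single pass over an iterable of byte chunks.

    Returns (total_size, {algorithm: hexdigest}). hashlib.new accepts
    "sha3_384" directly, so no third-party library is needed.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify(chunks, expected=ENTRY_HASHES, expected_size=ENTRY_SIZE):
    """Return one boolean per check; the file matches only if all are True.

    compare_digest is used out of habit for digest comparison; timing is not a
    concern for an offline check, but it costs nothing here.
    """
    size, got = digest_stream(chunks, tuple(expected))
    result = {
        name: hmac.compare_digest(got[name], expected[name].lower())
        for name in expected
    }
    result["size"] = size == expected_size
    return result


def verify_file(path, chunk_size=1 << 20):
    """Stream a file from disk so large samples are never fully in memory."""

    def chunks():
        with open(path, "rb") as f:
            while chunk := f.read(chunk_size):
                yield chunk

    return verify(chunks())


def is_match(result):
    return all(result.values())


# Constructed stand-in for a downloaded file: a fake DOS header, not the real sample.
FAKE_SAMPLE = b"MZ" + b"\x00" * 62 + b"not the real Dridex sample"

if __name__ == "__main__":
    r = verify([FAKE_SAMPLE])
    print(r)
    print("MATCH" if is_match(r) else "MISMATCH: do not treat this file as the catalogued sample")
```

Run `verify_file("/path/to/extracted/sample")` on the file extracted from the download archive; a single False in the result means the file on disk is not the object this entry describes, and the per-algorithm breakdown shows whether one listed digest was simply mistyped or the whole file differs.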
Intelligence
File Origin
# of uploads: 2
# of downloads: 226
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Behaviour: Sending a UDP request
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary can be suspicious or malicious.
Result
Threat name: Dridex Dropper
Detection: malicious
Classification: bank.evad
Score: 88 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Dridex dropper found
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-11-23 18:02:06 UTC
File Type: PE (Exe)
Extracted files: 13
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Verdict: malicious
Label(s): dridex
Result
Malware family: dridex
Score: 10/10
Tags: family:dridex botnet loader
Behaviour: Dridex Loader, Dridex
Malware Config
C2 Extraction:
175.126.167.148:443
173.249.20.233:8043
162.241.204.233:4443
138.122.143.40:8043
Unpacked files
SHA256 hash: 014f37edfd2c8c498009a71d529838477459cb643ebdb35bf176a41ad7681035
MD5 hash: f17eab4b9fa2d9cc97ec95bcf7b76479
SHA1 hash: 98ec9e5e06edf06a7f55517a6b19bba2fb915f9a
SHA256 hash: ed96bb8ba9ddd34f681ae9db04d9d3c8b02a0c808b2a13eb19241648e7f7e01a
MD5 hash: 0298df83b2b6447c4bd674dab2f96616
SHA1 hash: 51d923af1b3edeb497fd9081a35b6120f142d2e4
Please note that we are no longer able to provide a coverage score for VirusTotal.
Threat name: Dridex
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Web download (distributed via web download) |
|---|---|