MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379
SHA3-384 hash: 7052f5f5bcd309eaf4d1e7389124d9e45249ccea92c5d9fb353cf6f5fa9e28ae4df2d4d5d5727523220ecc5ea20b0420
SHA1 hash: 5e48729ded71998c5320dbe73aea54cbf6bd257d
MD5 hash: 782f3a3edfc69c661caf22286858f19e
humanhash: pennsylvania-equal-double-louisiana
File name:782f3a3edfc69c661caf22286858f19e
Download: download sample
Signature Dridex
Create hunting rule
File size:618'496 bytes
First seen:2021-10-13 13:47:33 UTC
Last seen:2021-10-13 16:20:43 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 5eb95f99453a8a6fe3d6300e286747db (3 x Dridex)
ssdeep 12288:KuIBaTwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbSW/:FXb4wqyaDA5sTWiXT2tq07G2//
Threatray 863 similar samples on MalwareBazaar
TLSH T140D4F7013A54E821E7E955B6CF2AC6E85B183D49EFB0A4C778E17F0F2AA94F3D215305
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197225/
Detection(s):
SecuriteInfo.com.ML.PE-A.31975.23345.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware icedid
Link:
https://www.filescan.io/uploads/6166e395fd35fe780c3d59a1/reports/6e152e81-6052-477a-91ac-c5efe8d02a6e/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ce64670c-dbbe-471c-ad53-1b6f934748bc
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/869838
Signature
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Detected Dridex e-Banking trojan
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 502263 Sample: ZHuOtLRXeM Startdate: 13/10/2021 Architecture: WINDOWS Score: 88 28 Found malware configuration 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected Dridex unpacked file 2->32 34 2 other signatures 2->34 7 loaddll32.exe 13 2->7         started        process3 signatures4 38 Detected Dridex e-Banking trojan 7->38 10 cmd.exe 1 7->10         started        12 rundll32.exe 7->12         started        14 rundll32.exe 7->14         started        16 rundll32.exe 7->16         started        process5 process6 18 rundll32.exe 12 10->18         started        dnsIp7 22 174.128.245.202, 443, 49787, 49806 ST-BGPUS United States 18->22 24 51.83.3.52, 13786, 49791, 49817 OVHFR France 18->24 26 69.64.50.41, 49799, 49819, 49820 AS-30083-GO-DADDY-COM-LLCUS United States 18->26 36 System process connects to network (likely due to code injection or exploit) 18->36 signatures8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-13 13:48:07 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  1/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
022300768af4879806a62b295825264657708576228f92efda2ba023ef0d955c
Dridex
09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
Dridex
88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31
Dridex
98b3fa8ad7143d6bfb754aeca00ded8ffe5789d7e4360f51841801906f5e5551
Dridex
9e39f4494952dfedc6608ebad6c832474045bfaba3ccbb69f8194a2681311eac
Dridex
a6c8e854f7c30f6390c39a1cea1393b949331a1b17b455dedd05fd7c92c7ff90
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
b8ef959a9176aef07fdca8705254a163b50b49a17217a4ff0107487f59d4a35d
Dridex
b9bb671587f2dad8a3df83d6bd0b7b8327edf93fadbefe8b6aa7eabe6698ae88
Dridex
c72fa2296308b8500ddb8c345035befee0711451d1272df8b6762c608e0cfb82
Dridex
+ 853 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion trojan
Link:
https://tria.ge/reports/211013-q3485aecf2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex
Malware Config
C2 Extraction:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Unpacked files
SH256 hash:
0b9946e6d8d171a116c6346a68a0f6db1f8dcaf03286e3c53df2eaf5d8580a82
MD5 hash:
a421cce24952d6ec9294e3286273a90a
SHA1 hash:
f7c4cb9a8dad065594367b4adacc238dfa2dabcf
Link:
https://www.unpac.me/results/d4e71684-a754-42ff-b00f-3d60d88f2030/
SH256 hash:
04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379
MD5 hash:
782f3a3edfc69c661caf22286858f19e
SHA1 hash:
5e48729ded71998c5320dbe73aea54cbf6bd257d
Link:
https://www.unpac.me/results/d4e71684-a754-42ff-b00f-3d60d88f2030/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 04622665ec1dccb6fabcd0d62b24747bb650aa6964a84a966a633066c840d379

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1673980/
  
URLhaus
https://urlhaus.abuse.ch/url/1674073/
  
URLhaus
https://urlhaus.abuse.ch/url/1673967/
  
URLhaus
https://urlhaus.abuse.ch/url/1674098/
  
URLhaus
https://urlhaus.abuse.ch/url/1673987/
  
URLhaus
https://urlhaus.abuse.ch/url/1674024/
  
URLhaus
https://urlhaus.abuse.ch/url/1674037/
  
URLhaus
https://urlhaus.abuse.ch/url/1674020/
  
URLhaus
https://urlhaus.abuse.ch/url/1674055/
  
URLhaus
https://urlhaus.abuse.ch/url/1673964/
  
URLhaus
https://urlhaus.abuse.ch/url/1674042/
Cape
Cape
https://www.capesandbox.com/analysis/197225/

Comments


Avatar
zbet commented on 2021-10-13 13:47:35 UTC

url : hxxps://www.karofinancialservices.com/acqlzg075.jpg