MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f
SHA3-384 hash: ed06384d67490c041f666c646b9ba40937be3db34d3e087a72700c227f6d9a0a7c685ed0837208b996382054a3092da0
SHA1 hash: 7063a2dd1e3b2d27ae864198e3df8b5b6ba9c5ef
MD5 hash: 676514125157e96345e544a2c72a4844
humanhash: chicken-colorado-blossom-twenty
File name:676514125157e96345e544a2c72a4844.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:634'880 bytes
First seen:2021-10-13 17:44:57 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 77aefec4cdbad9a00d9143503be0ce97 (4 x Dridex)
ssdeep 12288:CE6rSir4nbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1CO/zFZx:oe143j0dMZnCutz4zI5xDwXUom
Threatray 869 similar samples on MalwareBazaar
TLSH T117D4F7013A04E821E7E55575DE2AC6E85B183D49EFB1A4CB78E17F0F2ABA9F3D215301
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197333/
Detection(s):
SecuriteInfo.com.ML.PE-A.14858.26505.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61671b221c2d58ba7405140f/reports/77c4a8a0-1ea4-42cf-a35b-c9dfb37871e2/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/140ed602-5952-41db-88d5-ca173c435ca7
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/869892
Signature
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Detected Dridex e-Banking trojan
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 502320 Sample: BobglLrEyi.dll Startdate: 13/10/2021 Architecture: WINDOWS Score: 88 28 Found malware configuration 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected Dridex unpacked file 2->32 34 2 other signatures 2->34 7 loaddll32.exe 13 2->7         started        process3 signatures4 38 Detected Dridex e-Banking trojan 7->38 10 cmd.exe 1 7->10         started        12 rundll32.exe 7->12         started        14 rundll32.exe 7->14         started        16 rundll32.exe 7->16         started        process5 process6 18 rundll32.exe 12 10->18         started        dnsIp7 22 174.128.245.202, 443, 49752, 49764 ST-BGPUS United States 18->22 24 51.83.3.52, 13786, 49754, 49779 OVHFR France 18->24 26 69.64.50.41, 49769, 49781, 49782 AS-30083-GO-DADDY-COM-LLCUS United States 18->26 36 System process connects to network (likely due to code injection or exploit) 18->36 signatures8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f/
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 15:22:47 UTC
AV detection:
5 of 45 (11.11%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
0104974a7bf43e2e31d25ae485f57c62efe89eaea2d3e520db8a76fa70dd956d
Dridex
2a4481f10b4459ea382a05f9db4ba9922b313418df5380ceb44c3dd5b5b8a459
Dridex
2fc3cb59c6857ff712e6fb5f29536a51962edd2ef374e6f2cd18c9145d275c9f
Dridex
3997bf3cf7485ae768f7a23aaa9004f73b0594550611138906821f9b4dc9bce7
Dridex
53ce752aa18d36320fc8a1c0fa6993dc866416bccc613a4fef80f2427d224824
Dridex
64e74154b802e06a6c728fe08a7cac5d2a4b8091384af39701a76685bc68b5ba
Dridex
8521e047f78ccf64777d40e44fb86a95f900e0ed594bb4f01cc6802ff412c536
Dridex
905960957f03c7a56deaee448ac8fff59f7aad97619ee5a98eb220b9cebee849
Dridex
91c376e46a03fd60bd99fac07389eea32d1098ee23ac154aedd90025bc64528a
Dridex
960a1e2b0409907409403684b842ddccc1bb3369efaf5881fea9d1da51599717
Dridex
+ 859 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10222 botnet discovery evasion trojan
Link:
https://tria.ge/reports/211013-wbqjjsefcj/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex
Malware Config
C2 Extraction:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Unpacked files
SH256 hash:
27fdb8f82afb6fe71f5fe20d0b68bbbcb9320bdd59524eb8e4307259e4db880a
MD5 hash:
da838e6be1635f5c62b68afcadaa7b86
SHA1 hash:
f7479289114125a9e752ebbe97cd57dee69043c2
Link:
https://www.unpac.me/results/657f58dd-9d42-4c6a-a3ef-42a0fe3c84fc/
SH256 hash:
06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f
MD5 hash:
676514125157e96345e544a2c72a4844
SHA1 hash:
7063a2dd1e3b2d27ae864198e3df8b5b6ba9c5ef
Link:
https://www.unpac.me/results/657f58dd-9d42-4c6a-a3ef-42a0fe3c84fc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 06e41c9e1128631c9e0c2174ed4b367d0f6ed7e3481fdcc95b24d66edd02a45f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/197333/
  
URLhaus
https://urlhaus.abuse.ch/url/1673995/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1674102/
  
URLhaus
https://urlhaus.abuse.ch/url/1673968/
  
URLhaus
https://urlhaus.abuse.ch/url/1673972/
  
URLhaus
https://urlhaus.abuse.ch/url/1673953/
  
URLhaus
https://urlhaus.abuse.ch/url/1674109/
  
URLhaus
https://urlhaus.abuse.ch/url/1674032/

Comments