MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a
SHA3-384 hash: 8d3aec8800479f937c9682fea5d7d75fad908e8ffdb676a4948caf9e3b86ca6a4981d28db8aaa992d87a09fad1ad5a93
SHA1 hash: bb9d88cadeeb6f3be85f66ae00d3e81ba803bf70
MD5 hash: 4984d8b44e60501d23606a4ffcd6547c
humanhash: asparagus-network-two-pasta
File name: 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a
Signature: Dridex
File size: 363'165 bytes
First seen: 2020-11-06 11:22:40 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: f973b752dc5ac349369486fc7f90c6b1 (3 x Dridex, 1 x ZLoader)
ssdeep: 6144:S3s9vfpA09TUZiYWpcl8Yte2YMnnWZI8VQ3SSOED1nUmhMwHpId7XGDT:Sc9vDhUZiYWpcl80YMnv3YERntMwHpqA
Threatray: 39 similar samples on MalwareBazaar
TLSH: 9B744A06FAC40E77C9CB317AC45911774277EE950BA5FA0357B9B948DAF13E83A30A02
Reporter: seifreed
Tags: Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Skeeyah
Status: Malicious
First seen: 2020-11-02 14:04:58 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 0856bff07c493916b93bcdf3cf6eef6b2341720e9fbe1fc44a33c03e88728a5a
MD5 hash: 4984d8b44e60501d23606a4ffcd6547c
SHA1 hash: bb9d88cadeeb6f3be85f66ae00d3e81ba803bf70
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
