MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7
SHA3-384 hash:	e448cd8ee07a478f411c204ff360b9b0cf5d0c715999383b27778b538c0edefae2275b80fbb08bd37e13d95e9ba7971b
SHA1 hash:	a18b47ee1c5dd5a80043f3b13b454ab987212cb3
MD5 hash:	f82d6953d7261f02eecd7cf2342f4514
humanhash:	ack-cola-artist-whiskey
File name:	kzwc4s.zip
Download:	download sample
Signature	Dridex Create hunting rule
File size:	868'352 bytes
First seen:	2021-01-21 17:16:25 UTC
Last seen:	2021-01-21 18:54:01 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	f4f63e9c9e54a0497e774f15ebdcf087 (27 x Dridex)
ssdeep	12288:53K8zfRHTVvV/iicxxOdUnyRsy8xLtNalpxIEdRgHCF7RuOwFQLQN41APA31uIEj:9K8zxhtafyS2jIEiCiQGk1f
Threatray	264 similar samples on MalwareBazaar
TLSH	BE05BF22FA909875F72D13304C73D56246FDBD428A39DD5F32CB291B38A6771B12638A
Reporter	pancak3lullz
Tags:	Cutwail Dridex

pancak3lullz

Cutwail delivering Dridex via XLSM attachment.

Intelligence

File Origin

# of uploads :

# of downloads :

313

Origin country :

n/a

Vendor Threat Intelligence

Detection:

DridexLoader

Link:

https://www.capesandbox.com/analysis/114574/

Detection(s):

SecuriteInfo.com.Generic.mg.f82d6953d7261f02.30909.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/587502

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7/

Threat name:

Win32.Infostealer.Dridex

Status:

Suspicious

First seen:

2021-01-21 16:19:56 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

10 of 28 (35.71%)

Threat level:

5/5

Verdict:

malicious

Label(s):

dridex

gozi

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet loader

Link:

https://tria.ge/reports/210121-vreg7tws56/

Behaviour

Suspicious use of WriteProcessMemory

Dridex Loader

Dridex

Malware Config

C2 Extraction:

194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786

Unpacked files

SH256 hash:

bd9c98c92c68f99f4be1650619018097b6d73211d0546c3c6d7632781881139e

MD5 hash:

34c19bfc037f4018c28e40ee22d73bce

SHA1 hash:

1ab88c41ceaaa6f77ab6733043705bc6ffdaa49a

Link:

https://www.unpac.me/results/96224c86-a004-4c8f-b9df-1009ec823382/

SH256 hash:

0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7

MD5 hash:

f82d6953d7261f02eecd7cf2342f4514

SHA1 hash:

a18b47ee1c5dd5a80043f3b13b454ab987212cb3

Link:

https://www.unpac.me/results/96224c86-a004-4c8f-b9df-1009ec823382/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0a905cb733a72dc8a3a2d4b744653d5697cfe86a0fb481ea9db8b8f60dc3a1f7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.