MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b
SHA3-384 hash:	f02ce818ac3d19b50086dd9b4bfc116c9c66e148a6c3f4d2da4e14a5191c17a6b6f7fd75a8d756519b2ae4934706b8c3
SHA1 hash:	917dbeb3cba4772baf2bfa4a64630d8427571e9a
MD5 hash:	4acfc2f9f2884c08954deda0e3ae1b2c
humanhash:	skylark-item-papa-quebec
File name:	4acfc2f9f2884c08954deda0e3ae1b2c.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	167'936 bytes
First seen:	2020-12-17 07:12:28 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	aaf3f8a7e0fdc202353c68c4c54c5a75 (22 x Dridex)
ssdeep	3072:s1V+vpDx7DUQrMrXxomqF0uMfbaqPR7sOdBvFBnBXit/ba82MnJI:MMXDUQrOqFXMzaqNs8vATa82M
Threatray	7 similar samples on MalwareBazaar
TLSH	06F3E11361C6EB7CDB2204B25CEE138DD1348D10CE797B1DA66D709AA7FAFD10A89352
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

1

# of downloads :

167

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Drixed.cc.28259.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

n/a

Score:

22 / 100

Link:

https://www.joesandbox.com/analysis/565011

Signature

Machine Learning detection for sample

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b/

Threat name:

Win32.Trojan.Drixed

Status:

Malicious

First seen:

2020-12-17 07:13:04 UTC

AV detection:

22 of 48 (45.83%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

07ef09d52046d7f370a8eb7a0058834eec30b59424d2a804bad3a1794e7c0f61

35dc29c0132f1684fc8ed518f98d959bd982ef058b3ba24d8a23ea1507452621

7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd

9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2

b40a11dcea513d7f8119735975a133c896592a804f003074e735015e35f43468

e94e13000b458fea9b3da107479516b9f568dfeed7010747d1ab36d2ee363286

f0ecc44eacafdb97e9a84785bbdcffce312393c0e219d27040b42a3d4c93f45e

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet loader

Link:

https://tria.ge/reports/201217-9ap9gzn6e6/

Behaviour

Suspicious use of WriteProcessMemory

Dridex Loader

Dridex

Malware Config

C2 Extraction:

172.86.186.22:3889
46.105.131.78:14431
103.244.206.74:33443
139.162.53.147:4443

Unpacked files

SH256 hash:

a25f03803be8d2433b9fab2ea36d733092220e8cd33c0708ce46cc31ddbc741d

MD5 hash:

f6a899aba71e8382ad7da058cf434b99

SHA1 hash:

ae0d294ef70814a286585303064a662c1ed16c10

Link:

https://www.unpac.me/results/84945c72-5770-43b9-a78b-4e3546ff7cde/

SH256 hash:

b087ecd864078c49e02d43814d841d6c067ba741341483d9c58cba949fa8a57b

MD5 hash:

c596bcc0b81290429e95e80bc3d1163c

SHA1 hash:

50fd69c49784f20742ec9a983c6888a7259d8834

Detections:

win_dridex_auto

Link:

https://www.unpac.me/results/84945c72-5770-43b9-a78b-4e3546ff7cde/

Parent samples :

b40a11dcea513d7f8119735975a133c896592a804f003074e735015e35f43468
0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b
2542d8801568e29aef85b91ee8ea89ce20bfbbb46954941745c88f68d6c9eb20
09d4beff6b8ac12cc58777c675984ee929a260431741612048ac25f4341b753e
0263af7724d2ce102b22d81a54acece688022d99521b094068459f4bc4f6aca0
98f223299305b1c6994bd7ec18fbc0fc09260fc8bd542d02686e715769ed1fae
9c29b1e8d9212da8dd9ed375d5722ceabf65c13fab3c12c9c258530b38630628
db05b73f6963ec3d5bbaebbde3545dd801b79a54a41d583146a556b0f4505515
1670a34f9c0f49e6ba51de133293371ef77aa21442aaf4698eac0163ec68ff2e
94d02d97cf6989fbdb3010543f747751dc6ff9709c854323c7959a386bad43d3
2e8384b979521ab1a3ac17745f81d9a18fa084294d242d4a6918db4413e313c6
ed8e649fba97f6ef44c5ae7b5dc4c57d71aa28ea60063986f9edb9a0338d2748
1a13b0a4251771ac84bff5b2009e1fbd8eb2c8fdbd1299ba64299f40a2ad0e7d
a8289357cdb5e5a75f6d8e6fea9e74863f16e51c913123bd7cc442e818f258b6
b1c5f8455b82ed52709846267e516590c9e97019fe406691eb5b100e45e3bd78
a81a824a4030808e0998064a90a4905fa87808e46f75c0c8d38a8f771a0d3288
2cb94e38a1930e97de56e8a310155f8b98f4effa7ffd5e3553bec6f5f9539fb2
eac020aa33b9585b92e202a58b1924b1b628a7cad2d39236b423110c221fa481
ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab
88813cbb3272347ca08a88e9ce1064bfdaf317d564c8c22c377f18a6e6fa2618
84f85c52fe3defb96af28e575a590505991fcdb447a30825d9e4d3d6b1eaaf0f
0ca4f84f42c000128a1451ffafb83a1bc482fcb79dc5ff4a4b1263d7a9313391

SH256 hash:

0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b

MD5 hash:

4acfc2f9f2884c08954deda0e3ae1b2c

SHA1 hash:

917dbeb3cba4772baf2bfa4a64630d8427571e9a

Link:

https://www.unpac.me/results/84945c72-5770-43b9-a78b-4e3546ff7cde/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.24

Link:

https://yomi.yoroi.company/submissions/0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/923922/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample