MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f
SHA3-384 hash:	718f5f29e8d330f354b77356611e68428d45d2a054cc64e8a50cdf36860cdd2ba2e542f7001f883c1a1aaffbe6089d0f
SHA1 hash:	296aa96504f164cb3dda507313d26b01bbbc08d3
MD5 hash:	b035665ad911c3e0ebe5f33fc8d53d5f
humanhash:	comet-harry-oven-johnny
File name:	b035665ad911c3e0ebe5f33fc8d53d5f.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	2'588 bytes
First seen:	2021-02-14 19:43:08 UTC
Last seen:	2021-02-14 21:56:59 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	48:ynpVotFuVIJcB3QH6mj0oOILomdrd/2e9ZOISM0t2+Wc:xFuLQHro9PKr8t/sw
TLSH	7751EE32FA5CDBA7C47908BA09A35E4DA33909FE03218A87167C104A96751E53E6F209
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

180

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/117099/

Detection(s):

SecuriteInfo.com.ArtemisTrojan.29066.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

4 / 100

Link:

https://www.joesandbox.com/analysis/607654

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cjkj6rgvyorae7d27jd74fqtdlqifsanlz7bundo2665deqguwhq._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210214-rvtlcr9enx/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f

MD5 hash:

b035665ad911c3e0ebe5f33fc8d53d5f

SHA1 hash:

296aa96504f164cb3dda507313d26b01bbbc08d3

Link:

https://www.unpac.me/results/cf496cce-444c-432d-80c8-b9f80da4c9b1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.30

Link:

https://yomi.yoroi.company/submissions/12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 12549f44d5c3a2027c7afa47fe16131ae082c80d5e7e1a346ed7bdd19206a58f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/995070/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/117099/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample