MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486
SHA3-384 hash:	145f691302cf36079c45207b9d4beb09abe8c89d64d76d609a8fce0316bcfd86ff89d68b2d9a6a0bab9e6eb299d185a8
SHA1 hash:	4708d2e1904133066fcf583d56b9519276aaa350
MD5 hash:	14dd58e9a4f26d24beb65e6c3cb50ad2
humanhash:	july-batman-alabama-river
File name:	SecuriteInfo.com.BScope.Trojan.Encoder.16129
Download:	download sample
Signature	Dridex Create hunting rule
File size:	425'984 bytes
First seen:	2020-12-03 06:00:49 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	e47080db06a062f63d1cd77dfcfea652 (4 x Dridex)
ssdeep	12288:zGTOGQ7DstX8FM9zxh/d/GMqLTXRxgexeiYyfndmLBMy:llsx8FMhReMqLzRxxxAem9M
Threatray	190 similar samples on MalwareBazaar
TLSH	B294AECB4B854E71EAD327B86739BB33016DAC3BA6008D67B798344C0DB1644EC57B92
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/106479/

Detection(s):

SecuriteInfo.com.BScope.Trojan.Encoder.16129.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Dridex

Detection:

malicious

Classification:

bank

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/554254

Signature

Detected Dridex e-Banking trojan

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2020-12-03 03:39:46 UTC

AV detection:

23 of 28 (82.14%)

Threat level:

5/5

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet discovery evasion loader trojan

Link:

https://tria.ge/reports/201203-mk4s2rzdqn/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blacklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

185.59.223.86:443
123.231.252.10:4646
85.25.109.116:3889
91.83.93.89:4643

Unpacked files

SH256 hash:

4e6e615f43887c99c034c97b1b3ff9e234e050edbab00653863c245b6799025b

MD5 hash:

90a8d9f6678a8025dfc26115e4907eeb

SHA1 hash:

f1147f54f2edcb63ce692c1b1b959c359fe0e831

Link:

https://www.unpac.me/results/4c959c85-2b3b-4eb6-af7a-4bc50cc0a664/

SH256 hash:

148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486

MD5 hash:

14dd58e9a4f26d24beb65e6c3cb50ad2

SHA1 hash:

4708d2e1904133066fcf583d56b9519276aaa350

Link:

https://www.unpac.me/results/4c959c85-2b3b-4eb6-af7a-4bc50cc0a664/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 148026042a20a170fb56b258538a078be324b0493746bbf5ea17704c99e38486

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/884138/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/883585/

URLhaus

https://urlhaus.abuse.ch/url/884093/

URLhaus

https://urlhaus.abuse.ch/url/884019/

URLhaus

https://urlhaus.abuse.ch/url/883769/

URLhaus

https://urlhaus.abuse.ch/url/883587/

URLhaus

https://urlhaus.abuse.ch/url/884091/

URLhaus

https://urlhaus.abuse.ch/url/883839/

URLhaus

https://urlhaus.abuse.ch/url/884204/

URLhaus

https://urlhaus.abuse.ch/url/884089/

URLhaus

https://urlhaus.abuse.ch/url/882778/

URLhaus

https://urlhaus.abuse.ch/url/882773/

URLhaus

https://urlhaus.abuse.ch/url/883588/

URLhaus

https://urlhaus.abuse.ch/url/884206/

URLhaus

https://urlhaus.abuse.ch/url/883838/

URLhaus

https://urlhaus.abuse.ch/url/884415/

URLhaus

https://urlhaus.abuse.ch/url/882810/

URLhaus

https://urlhaus.abuse.ch/url/884028/

URLhaus

https://urlhaus.abuse.ch/url/884021/

URLhaus

https://urlhaus.abuse.ch/url/883584/

URLhaus

https://urlhaus.abuse.ch/url/883564/

URLhaus

https://urlhaus.abuse.ch/url/882790/

URLhaus

https://urlhaus.abuse.ch/url/884238/

URLhaus

https://urlhaus.abuse.ch/url/884140/

URLhaus

https://urlhaus.abuse.ch/url/884094/

URLhaus

https://urlhaus.abuse.ch/url/883841/

URLhaus

https://urlhaus.abuse.ch/url/884029/

URLhaus

https://urlhaus.abuse.ch/url/883696/

URLhaus

https://urlhaus.abuse.ch/url/883597/

URLhaus

https://urlhaus.abuse.ch/url/883731/

URLhaus

https://urlhaus.abuse.ch/url/884412/

URLhaus

https://urlhaus.abuse.ch/url/884355/

URLhaus

https://urlhaus.abuse.ch/url/884411/

URLhaus

https://urlhaus.abuse.ch/url/883586/

URLhaus

https://urlhaus.abuse.ch/url/883992/

URLhaus

https://urlhaus.abuse.ch/url/884097/

URLhaus

https://urlhaus.abuse.ch/url/884098/

URLhaus

https://urlhaus.abuse.ch/url/884195/

URLhaus

https://urlhaus.abuse.ch/url/884090/

URLhaus

https://urlhaus.abuse.ch/url/884201/

URLhaus

https://urlhaus.abuse.ch/url/882775/

URLhaus

https://urlhaus.abuse.ch/url/884022/

URLhaus

https://urlhaus.abuse.ch/url/884414/

URLhaus

https://urlhaus.abuse.ch/url/883836/

URLhaus

https://urlhaus.abuse.ch/url/883589/

URLhaus

https://urlhaus.abuse.ch/url/884350/

URLhaus

https://urlhaus.abuse.ch/url/882769/

URLhaus

https://urlhaus.abuse.ch/url/884196/

URLhaus

https://urlhaus.abuse.ch/url/884035/

URLhaus

https://urlhaus.abuse.ch/url/882791/

URLhaus

https://urlhaus.abuse.ch/url/884209/

URLhaus

https://urlhaus.abuse.ch/url/884339/

URLhaus

https://urlhaus.abuse.ch/url/884205/

URLhaus

https://urlhaus.abuse.ch/url/883590/

URLhaus

https://urlhaus.abuse.ch/url/883840/

URLhaus

https://urlhaus.abuse.ch/url/884202/

URLhaus

https://urlhaus.abuse.ch/url/883019/

URLhaus

https://urlhaus.abuse.ch/url/884346/

URLhaus

https://urlhaus.abuse.ch/url/884241/

URLhaus

https://urlhaus.abuse.ch/url/882811/

URLhaus

https://urlhaus.abuse.ch/url/883558/

URLhaus

https://urlhaus.abuse.ch/url/884236/

URLhaus

https://urlhaus.abuse.ch/url/883837/

URLhaus

https://urlhaus.abuse.ch/url/884139/

URLhaus

https://urlhaus.abuse.ch/url/883727/

URLhaus

https://urlhaus.abuse.ch/url/884023/

Cape

https://www.capesandbox.com/analysis/106479/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample