MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 176d3e38c6782bf313d6d5f23a14f2e7692181ee50a7b2a2b130caae82e46148. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 10



SHA256 hash: 176d3e38c6782bf313d6d5f23a14f2e7692181ee50a7b2a2b130caae82e46148
SHA3-384 hash: 9b1ac5ad467945260d5146434c6fafcf2885a9c0ade6414afbd3f9a05a156b693137635385326d262bf00075eaac3e67
SHA1 hash: 1aee22f98f546977d0df7c36e8c583915d003a6c
MD5 hash: cc810495ba0d64d3b6081d6006607bc2
humanhash: bravo-tango-saturn-oxygen
File name: cc810495ba0d64d3b6081d6006607bc2
Signature Dridex
File size: 524'288 bytes
First seen: 2021-12-20 17:12:24 UTC
Last seen: 2021-12-21 14:06:21 UTC
File type: DLL
MIME type: application/x-dosexec
imphash 5ad3b93adc2f9b7a31e634988c069f77 (85 x Dridex)
ssdeep 12288:O2cK4kV9W/k7MNKABzMyLi8E6+DnOM2Swyugn:hkMs9
Threatray 5'674 similar samples on MalwareBazaar
TLSH T1CAB4AF92960F6767E43C32B3E8E36436AB434F280DD4BDE5BA00764F733D498649D686
Reporter zbetcheckin
Tags: 32 dll Dridex exe

Intelligence


File Origin
# of uploads: 6
# of downloads: 155
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Behavior Graph ID: 542949 (sample p60XVV2u42, start date 20/12/2021, architecture WINDOWS, score 80)
Network contacts: 89.31.56.58 (UNITHOST-ASNL, Netherlands); 51.159.52.196 (OnlineSASFR, France); 2 other IPs or domains
Signatures on the sample: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures
Process tree:
  loaddll32.exe (Tries to delay execution (extensive OutputDebugStringW loop))
    cmd.exe
      rundll32.exe
        WerFault.exe
    rundll32.exe
      WerFault.exe
Threat name:
Win32.Trojan.KryptikAGen
Status:
Malicious
First seen:
2021-12-20 17:13:10 UTC
File Type:
PE (Dll)
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:dridex botnet:22203 botnet loader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.159.52.196:443
134.209.247.135:6602
194.233.68.48:5228
89.31.56.58:593
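The hashes and the extracted C2 endpoints above are the two things most worth operationalising from this entry. The script below is an added example, not code from MalwareBazaar or abuse.ch: it confirms a file on disk is this exact sample by comparing all four listed digests, and it sweeps connection-log lines for the four C2 pairs. The key=value log format and the log lines are constructed for the example; adapt parse_conn_line() to whatever your proxy or firewall actually exports.

```python
"""Added example (not part of the MalwareBazaar page): turn the IOCs of
this entry into a small offline checker.

1. hash_bytes()/is_this_sample(): verify that a file is this exact sample.
2. find_c2_hits(): sweep connection-log lines for the extracted C2 pairs.

The 'ts=... src=... dst=... dport=... proto=...' line format is a
hypothetical format invented for this example.
"""
import hashlib
import re
from typing import Dict, List, Optional

# Digests as listed in the entry (SHA256, SHA1, MD5, SHA3-384).
SAMPLE_HASHES = {
    "sha256": "176d3e38c6782bf313d6d5f23a14f2e7692181ee50a7b2a2b130caae82e46148",
    "sha1": "1aee22f98f546977d0df7c36e8c583915d003a6c",
    "md5": "cc810495ba0d64d3b6081d6006607bc2",
    "sha3_384": "9b1ac5ad467945260d5146434c6fafcf2885a9c0ade6414afbd3f9a05a156b69"
                "3137635385326d262bf00075eaac3e67",
}

# C2 endpoints from the "Malware Config" section, as (ip, port).
C2_ENDPOINTS = {
    ("51.159.52.196", 443),
    ("134.209.247.135", 6602),
    ("194.233.68.48", 5228),
    ("89.31.56.58", 593),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def is_this_sample(data: bytes) -> bool:
    """True only if every listed digest matches; never trust an MD5 or
    SHA1 match on its own, both are collision-prone."""
    return hash_bytes(data) == SAMPLE_HASHES


_KV = re.compile(r"(\w+)=(\S+)")
_REQUIRED = {"ts", "src", "dst", "dport"}


def parse_conn_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one hypothetical key=value connection record.
    Returns None for lines that lack the required fields."""
    fields = dict(_KV.findall(line))
    if not _REQUIRED.issubset(fields):
        return None
    return fields


def find_c2_hits(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per line whose destination is a listed C2 host.
    confidence is 'high' for an exact ip:port match and 'medium' when
    only the IP matches (same host, different port: still worth triage)."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        dst, dport = rec["dst"], rec["dport"]
        if dst not in C2_IPS or not dport.isdigit():
            continue
        exact = (dst, int(dport)) in C2_ENDPOINTS
        hits.append({
            "ts": rec["ts"], "src": rec["src"], "dst": dst, "dport": dport,
            "confidence": "high" if exact else "medium",
        })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "ts=2021-12-20T17:15:02Z src=10.0.0.5 dst=51.159.52.196 dport=443 proto=tcp",
    "ts=2021-12-20T17:15:03Z src=10.0.0.5 dst=93.184.216.34 dport=443 proto=tcp",
    "ts=2021-12-20T17:15:09Z src=10.0.0.7 dst=89.31.56.58 dport=8443 proto=tcp",
    "garbage line without fields",
    "ts=2021-12-20T17:16:41Z src=10.0.0.5 dst=194.233.68.48 dport=5228 proto=tcp",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
```

Run it against the constructed log and it reports three hits: two exact ip:port matches and one IP-only match on 89.31.56.58. To check a real file, read it as bytes and call is_this_sample(); only a match on all four digests counts.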
Unpacked files
SHA256 hash:
176d3e38c6782bf313d6d5f23a14f2e7692181ee50a7b2a2b130caae82e46148
MD5 hash:
cc810495ba0d64d3b6081d6006607bc2
SHA1 hash:
1aee22f98f546977d0df7c36e8c583915d003a6c
Malware family:
Verdict:
Malicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Malware family: Dridex
File type: DLL
SHA256: 176d3e38c6782bf313d6d5f23a14f2e7692181ee50a7b2a2b130caae82e46148 (this sample)

Comments



zbet commented on 2021-12-20 17:12:25 UTC

url : hxxp://dev2-admin.ycbnt.net/F0Z/HLYbnfSQpxkkklgbtq.bin