MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 180a6935034ffeac72d7f1d0bd6fcb1efc21dda1b7408865a414a7ba683678f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 180a6935034ffeac72d7f1d0bd6fcb1efc21dda1b7408865a414a7ba683678f9
SHA3-384 hash: a2cc25d3fac1b0d7aa56178687c07420a6b597865b1587c295cad1b936a5ec29658aac1aa1f4b424edb11b7815d61514
SHA1 hash: a6b7156c416a7bd0386655754e043369faa25c02
MD5 hash: 2b30b2bf8b20ef4f44ac2cf7ebeff137
humanhash: friend-march-robin-king
File name:b6zicnzip
Download: download sample
Signature Dridex
Create hunting rule
File size:536'576 bytes
First seen:2020-11-12 17:27:24 UTC
Last seen:2024-07-24 11:40:28 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 9437ef2f8f48676ac848f8b4f2a41835 (1 x Dridex)
ssdeep 12288:Hjuk97bpP+V6FkxHu4UYoNNqbPlefS0Y:SvJeGDYfSf
Threatray 110 similar samples on MalwareBazaar
TLSH 51B45B113652842DF32F8F3C8857D5F45AC6BCA249793AE736D91DA7EF2320368A1346
Reporter JAMESWT_WT
Tags:Dridex

Intelligence

File Origin
# of uploads :
4
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ML.PE-A.18413.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/533061
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 315634 Sample: b6zicnzip Startdate: 12/11/2020 Architecture: WINDOWS Score: 48 12 Multi AV Scanner detection for submitted file 2->12 6 loaddll32.exe 1 2->6         started        process3 process4 8 rundll32.exe 6->8         started        10 rundll32.exe 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/180a6935034ffeac72d7f1d0bd6fcb1efc21dda1b7408865a414a7ba683678f9/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 17:29:03 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
24e9d45999add1dac491b4c3cfb55b77b95a46bc693eec9df56d6194b7fbe25e
Dridex
2fc3cb59c6857ff712e6fb5f29536a51962edd2ef374e6f2cd18c9145d275c9f
Dridex
59bcb00ad3c245e8c5b1de2341cc494a469513019a972f874f775b2266cd5015
Dridex
79a3a7441a371606291f8bd47216a503b27a38ec61ba7604c9ba2597a54cc3d8
Dridex
91c376e46a03fd60bd99fac07389eea32d1098ee23ac154aedd90025bc64528a
Dridex
b7416f6229dae7bc167f6f18c25b993c7c11a88a139a77178102bd7ca84c469c
Dridex
b7a5135fb78a58682cc0de111468bb007d1f8c78bbd561d3f155809b6e991a29
Dridex
d554bef77e35bbaa325fc61e5bca1ae419f9b2222110c913eb09b9369563c061
Dridex
e82b0b808ec6cf97f4318b3db1e7ac06cfd5b3e04569f61830e3f58fc34eb75b
Dridex
fa4745a9f86a7516cc6fdf77834b1b9ab83ba3a29743461eabe2bec180c9de86
Dridex
+ 100 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201112-ezj9pbdbq2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.39:443
69.164.207.140:3388
78.47.139.43:4443
103.244.206.74:33443
Unpacked files
SH256 hash:
180a6935034ffeac72d7f1d0bd6fcb1efc21dda1b7408865a414a7ba683678f9
MD5 hash:
2b30b2bf8b20ef4f44ac2cf7ebeff137
SHA1 hash:
a6b7156c416a7bd0386655754e043369faa25c02
Link:
https://www.unpac.me/results/d65a01b9-18ef-4650-afa9-741f1a176e94/
SH256 hash:
fb039e6fdb9e698ddca48ac17d96c4b1026f8653a249ac27641894a15e35e50c
MD5 hash:
6f77430b5e14d73c4bb62f78ac0121e8
SHA1 hash:
f2feee8d433dbf422a19efcc95853d502f748f0c
Link:
https://www.unpac.me/results/d65a01b9-18ef-4650-afa9-741f1a176e94/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexLoader
Create hunting rule
Author:kevoreilly
Description:Dridex v4 dropper C2 parsing function
Rule name:win_dridex_loader_v2
Create hunting rule
Author:Johannes Bader @viql
Description:detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 180a6935034ffeac72d7f1d0bd6fcb1efc21dda1b7408865a414a7ba683678f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/811210/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/811216/
  
URLhaus
https://urlhaus.abuse.ch/url/811231/
  
URLhaus
https://urlhaus.abuse.ch/url/811284/
  
URLhaus
https://urlhaus.abuse.ch/url/811285/
  
URLhaus
https://urlhaus.abuse.ch/url/811286/
  
URLhaus
https://urlhaus.abuse.ch/url/811289/
  
URLhaus
https://urlhaus.abuse.ch/url/811610/

Comments