MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cabf298f73b9af7cd77c9c9646a6238f45e6ac07ed7dd7a44517fd2650d55f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 8



SHA256 hash: 1cabf298f73b9af7cd77c9c9646a6238f45e6ac07ed7dd7a44517fd2650d55f2
SHA3-384 hash: d430d02549fa534ab10a75181aadb8556b57f15602fa3d32a1ad56621a13d01fb5d7470ed7bda1d4fb8b87662800bae2
SHA1 hash: 9dc06144fda7a84849d30c29d040270ce13e2597
MD5 hash: 3f2022a8d6c765395ca1078ba647cce1
humanhash: london-video-autumn-lemon
File name: 3f2022a8d6c765395ca1078ba647cce1.dll
Signature: Dridex
File size: 475'136 bytes
First seen: 2021-04-02 18:10:38 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 12288:ASts0Ljpezsf/Lrxn9AiQwvM8hZDgh6cV3:HtrszsHxfjv7Dg1h
Threatray: 6 similar samples on MalwareBazaar
TLSH: 3AA4D060BD80E47DEB0D22705C4BEDBD0159FC0466ABB96F32EE2D6F15A1253F05B298
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 148
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 380985; sample Dhu2jWdoZG.dll; start date 03/04/2021; architecture WINDOWS; score 52): signatures "Multi AV Scanner detection for submitted file" and "Machine Learning detection for sample"; process chain loaddll32.exe -> cmd.exe -> rundll32.exe, followed by seven further nested rundll32.exe processes (eight rundll32.exe instances in total).
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2021-04-02 18:11:18 UTC
AV detection: 20 of 47 (42.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 1cabf298f73b9af7cd77c9c9646a6238f45e6ac07ed7dd7a44517fd2650d55f2
MD5 hash: 3f2022a8d6c765395ca1078ba647cce1
SHA1 hash: 9dc06144fda7a84849d30c29d040270ce13e2597
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 1cabf298f73b9af7cd77c9c9646a6238f45e6ac07ed7dd7a44517fd2650d55f2 (this sample)

Delivery method
Distributed via web download

Comments