MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc
SHA3-384 hash: 91c27db255b03becbd563fe34239ace99607875f1ed7e278977260d88c0a580f51f8e8cd5bd2698bf5d51f885119c977
SHA1 hash: 224ece27b2d1e22fda58fb913269a9de0c5e7da4
MD5 hash: f43fbf20add9a8a3f7328a9104b5e470
humanhash: july-hotel-fillet-lemon
File name:xkgp0.bin
Download: download sample
Signature Dridex
Create hunting rule
File size:159'744 bytes
First seen:2020-11-30 16:44:14 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash d018da091368ddf894984e8df4922b17 (3 x Dridex)
ssdeep 3072:P04MGfObYfRcmyT79rK3WLLnjsIMU8Tr5XgRq:P04MepcmyT7w3WLBMU8xX
Threatray 32 similar samples on MalwareBazaar
TLSH BFF3D08422606CF3C3B25F325213BB2AF9B5AC0E8926DB45CACE3DB5DBDD1841516E1D
Reporter j_dubp
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106074/
Detection(s):
SecuriteInfo.com.Generic.mg.275e621895d2a822.31741.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/551137
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 324685 Sample: xkgp0.bin Startdate: 30/11/2020 Architecture: WINDOWS Score: 52 12 Multi AV Scanner detection for submitted file 2->12 14 Machine Learning detection for sample 2->14 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        10 WerFault.exe 3 9 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-30 16:45:07 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=duacourv5zkivonj45nwuxdyxwkksw2wcfeu6yz7efz6h65bd66a._file
Verdict:
unknown
Similar samples:
117575378cdb8417249631f97692b696143e893ba230b972e742f8f3a4f9efaa
Dridex
1c0a62a8d16705a2e1a38e0a4b310dbf40ce71e1a2a4c554e35a15ebfc28cb0f
Dridex
662c21ee2aab3a65de038e9d1d3765093c2dddb0eb4a6ed73799b074f74bb8b9
Dridex
9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd
Dridex
95207a682e024efd1ea2364fd3c19484d70600ee931fb7c1a88d210cebbe8cc6
Dridex
b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
Dridex
ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a
Dridex
f1f67040aaaaabf6754310829696ba9fd783991ab89e476dfa8c8e698841ce34
Dridex
f60cd98a4336fe0aa9bbb4659676b1be2a9d7fcfc2dfc5ccea2a367abb7a1969
Dridex
fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
Dridex
+ 22 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201130-vk9g4sw4lj/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
192.175.111.220:443
64.225.35.35:3098
208.71.173.207:3098
217.79.184.242:4443
Unpacked files
SH256 hash:
0cb521c80f53776162118ed7599cd2428d03ef657afed7e113eac8d7e0efc611
MD5 hash:
613ac39b3587e100319733db128eede9
SHA1 hash:
ac666c8aadf12da371ddea030627bcc886b7c2fe
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/8b9187f6-89a3-42d3-a0a6-3c5ac64c5c9a/
Parent samples :
1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc
d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3
62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a
SH256 hash:
84ea7162e31f865b8f959b247aee0c401471c4e9324529467e17bee163444f1e
MD5 hash:
5af3f23cfce72c0b00830bda17bbfb37
SHA1 hash:
be650f18fb5354ce8ca1371a63329c88bd6dfcf0
Link:
https://www.unpac.me/results/8b9187f6-89a3-42d3-a0a6-3c5ac64c5c9a/
SH256 hash:
1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc
MD5 hash:
f43fbf20add9a8a3f7328a9104b5e470
SHA1 hash:
224ece27b2d1e22fda58fb913269a9de0c5e7da4
Link:
https://www.unpac.me/results/8b9187f6-89a3-42d3-a0a6-3c5ac64c5c9a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/125a9a16-b6fe-4b46-a5b2-ef46f07facf9#
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/106074/

Comments