MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7
SHA3-384 hash: 77321f0dc72174a1120582a7861f7900fee254547a5ebf8eaccea69a9bba68f7d0b36a4b5ddcc220f9ad9d2d6f52b837
SHA1 hash: f53a9734ab4fa05eb43627fde95b44206eb5b32e
MD5 hash: 3449f7185f5bbe30c0f1af3c27123143
humanhash: mirror-tennis-maryland-oscar
File name:zfaFOUkR.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:204'800 bytes
First seen:2020-12-24 06:51:00 UTC
Last seen:2020-12-24 08:54:15 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash ff4887da2f409d7cc45957b36b659281 (2 x Dridex)
ssdeep 3072:24jjoaPs7Our2PG+z9axt25Oer1XNPVscXKIXtpKvOj0uYOx2Ju:9joH2++zlxVX7+2bh
Threatray 42 similar samples on MalwareBazaar
TLSH 2914BD02EFA72B00FC2706FF58DC45525C31BC228932E96AA5D3379A65FDA178F50369
Reporter JAMESWT_WT
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
569
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/109292/
Detection(s):
SecuriteInfo.com.Trojan.Agent.FBCE.5348.17605.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/569583
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 333852 Sample: zfaFOUkR.dll Startdate: 24/12/2020 Architecture: WINDOWS Score: 52 12 Multi AV Scanner detection for submitted file 2->12 14 Machine Learning detection for sample 2->14 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        10 WerFault.exe 3 9 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7/
Threat name:
Win32.Trojan.Drixed
Create hunting rule
Status:
Malicious
First seen:
2020-12-24 06:51:04 UTC
File Type:
PE (Dll)
Extracted files:
15
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dvfylynushygxxsmetn2dloungn2ltv24vr63jdk5us3bbnbhgtq._file
Verdict:
unknown
Similar samples:
07ef09d52046d7f370a8eb7a0058834eec30b59424d2a804bad3a1794e7c0f61
Dridex
662c21ee2aab3a65de038e9d1d3765093c2dddb0eb4a6ed73799b074f74bb8b9
Dridex
7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf
Dridex
7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd
Dridex
8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd
Dridex
9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2
Dridex
9407254f8870565c27d6f5328a8b517a2a4788174da2880d0f2e33c6890077b3
Dridex
e3b60fe46c471044d46462de8b2dfda807d75b36dc0a6938b6cf20f554042018
Dridex
e94e13000b458fea9b3da107479516b9f568dfeed7010747d1ab36d2ee363286
Dridex
f0ecc44eacafdb97e9a84785bbdcffce312393c0e219d27040b42a3d4c93f45e
Dridex
+ 32 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201224-qjasjm7pd6/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.75.24.85:443
213.202.229.72:3074
202.91.8.121:4643
195.231.69.151:3889
Unpacked files
SH256 hash:
cc212591fdb894c457ab2046010527068c9148f61232828ff30e0232407f2332
MD5 hash:
3fbbe90f965ff0a1cc7a13059b61cad6
SHA1 hash:
40e87542a9eb45da8433eaf84eda4abd4efe4b6a
Link:
https://www.unpac.me/results/85db0310-6ddd-4823-9bf0-2ce110dc4c62/
SH256 hash:
5599afc1f78db4e3d974434487fb3af1527d9688b3e01d90433cc0d7104855c7
MD5 hash:
d7f65036d4c0e330a3a4c5306fdaf6dd
SHA1 hash:
0661d575eac702962097448e6e5f2e589ac020b3
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/85db0310-6ddd-4823-9bf0-2ce110dc4c62/
Parent samples :
8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd
1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7
SH256 hash:
1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7
MD5 hash:
3449f7185f5bbe30c0f1af3c27123143
SHA1 hash:
f53a9734ab4fa05eb43627fde95b44206eb5b32e
Link:
https://www.unpac.me/results/85db0310-6ddd-4823-9bf0-2ce110dc4c62/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.24
Link:
https://yomi.yoroi.company/submissions/1d4b85e1b491f06bde4c24dba1add4699ba5cebae563eda46aed25b085a139a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/109292/

Comments