MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1db38d773d052e456749bb5fe1fd6ef045dedd30b8b1a0ae42bb62c26e9a2f18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 9



SHA256 hash: 1db38d773d052e456749bb5fe1fd6ef045dedd30b8b1a0ae42bb62c26e9a2f18
SHA3-384 hash: 913ce25b019325e31d324a4da6db19ead1d0490fadb18bd36d111d37cd4f291aa8963ea9c8c3546e2a98b25a562b01f0
SHA1 hash: 90de9d110767c00b2837d437a7ef0dfde2728621
MD5 hash: 3bca5e5780416e77c63ed4385be56d2c
humanhash: april-fix-kilo-nevada
File name: 3bca5e5780416e77c63ed4385be56d2c.dll
Signature: Dridex
File size: 331,776 bytes
First seen: 2020-09-25 10:01:48 UTC
Last seen: 2020-09-25 10:47:14 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 76ca4b0770cd5a3fae865eb520597417 (6 x Dridex)
ssdeep: 6144:VudIKJ4hF7popQTRq3va4jl6u31Ut+Ji370HnBs4NeuVCC:j7yUReva4jlNoQnBXek1
Threatray: 64 similar samples on MalwareBazaar
TLSH: 2964D17F32E9619CF7BBABB885B40216456A3DEAAD38D58D03011C698363374CCD5B72
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 167
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour: Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature: Machine Learning detection for sample; Multi AV Scanner detection for submitted file
Behavior Graph (ID 289936; sample FiKEz8FTLp.dll; start date 25/09/2020; architecture WINDOWS; score 52): signatures Multi AV Scanner detection for submitted file and Machine Learning detection for sample; process chain loaddll32.exe started, which in turn started WerFault.exe.
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-09-21 17:49:52 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader family:dridex
Behaviour: Suspicious use of WriteProcessMemory; Dridex Loader; Dridex
Malware Config
C2 Extraction:
51.75.24.85:443
46.22.116.163:3074
173.249.46.113:3889
192.241.174.45:4443
Unpacked files
SHA256 hash: 1db38d773d052e456749bb5fe1fd6ef045dedd30b8b1a0ae42bb62c26e9a2f18
MD5 hash: 3bca5e5780416e77c63ed4385be56d2c
SHA1 hash: 90de9d110767c00b2837d437a7ef0dfde2728621

SHA256 hash: 93c2cae4274cfcdf9225ccfde63b0b448703ace06b55ed15e79222ad948e31c3
MD5 hash: b4fb6403d3091f54469043032b154330
SHA1 hash: e90d625d92f4c3ea3e7b94172dae7c7d6bab81d1

SHA256 hash: fad520c254c454082f4e306a38fb6cfc28cb5d5dde2bba62f17c01525f7ed8a0
MD5 hash: b0eb6113378cac5460b3080e9ace888a
SHA1 hash: f9997e2048f6b6379f5934e9d03e82d9d7846b24

Detections: win_dridex_auto
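The indicators on this entry (the sample's SHA256/SHA1/MD5 values and the four extracted C2 endpoints) turned into two offline checks, as an added example that is not MalwareBazaar's own code or tooling: a hash lookup that tells you whether a file on disk is this sample, and a scan of connection-log lines for the listed ip:port pairs. The log format is an assumption: the constructed lines follow the Zeek conn.log field order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), and the traffic in them is invented. The `strict` flag exists because a C2 host can serve on more than one port; an IP-only match is a broader hunting query, not a confirmed hit.

```python
"""Added example (not from the MalwareBazaar page): offline checks built from the
indicators listed in this entry. Hash values and C2 endpoints are copied from the
page; the log lines below are constructed, not captured traffic."""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Hashes of the submitted sample, as listed on the entry.
SAMPLE_HASHES = {
    "sha256": "1db38d773d052e456749bb5fe1fd6ef045dedd30b8b1a0ae42bb62c26e9a2f18",
    "sha1": "90de9d110767c00b2837d437a7ef0dfde2728621",
    "md5": "3bca5e5780416e77c63ed4385be56d2c",
}

# Extracted C2 endpoints (ip, port), as listed under "C2 Extraction".
C2_ENDPOINTS = {
    ("51.75.24.85", 443),
    ("46.22.116.163", 3074),
    ("173.249.46.113", 3889),
    ("192.241.174.45", 4443),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def file_hashes(data: bytes) -> dict:
    """Compute the three digests the entry lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("sha256", "sha1", "md5")}


def matches_sample(data: bytes) -> List[str]:
    """Return the algorithm names under which `data` matches this entry's sample.
    A genuine copy matches all three; a partial list would indicate a collision
    or a corrupted download and should be treated as suspicious, not confirmed."""
    digests = file_hashes(data)
    return [n for n in ("sha256", "sha1", "md5") if digests[n] == SAMPLE_HASHES[n]]


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    dport: int


def scan_conn_log(lines: Iterable[str], strict: bool = True) -> List[Hit]:
    """Scan Zeek conn.log-style TSV lines for connections to the listed C2.
    strict=True matches the exact (ip, port) pair from the config; strict=False
    matches any destination port on a listed C2 IP (broader hunting query)."""
    hits: List[Hit] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines (#fields, #types, ...)
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # malformed line; ignore rather than crash the scan
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        try:
            dport = int(resp_p)
        except ValueError:
            continue  # Zeek writes "-" for unset fields
        matched = (resp_h, dport) in C2_ENDPOINTS if strict else resp_h in C2_IPS
        if matched:
            hits.append(Hit(ts, orig_h, resp_h, dport))
    return hits


# Constructed log lines for demonstration; not real traffic. Assumed field order
# is that of Zeek conn.log: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto.
SAMPLE_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1601028120.1\tCa1\t10.0.0.12\t49811\t51.75.24.85\t443\ttcp
1601028121.4\tCa2\t10.0.0.12\t49812\t93.184.216.34\t443\ttcp
1601028125.9\tCa3\t10.0.0.33\t50102\t46.22.116.163\t3074\ttcp
1601028130.0\tCa4\t10.0.0.33\t50103\t46.22.116.163\t80\ttcp
""".splitlines()


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport} (listed C2 endpoint)")
    for hit in scan_conn_log(SAMPLE_LOG, strict=False):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport} (C2 IP, any port)")
    print("matches sample:", matches_sample(b"not the sample"))
```

Run against a real conn.log by replacing `SAMPLE_LOG` with the file's lines; a strict hit on one of the four endpoints is worth an immediate look, while an IP-only hit needs the destination port and proxy context before it is called a detection.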

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Malware family: Dridex
File type: DLL
SHA256 hash: 1db38d773d052e456749bb5fe1fd6ef045dedd30b8b1a0ae42bb62c26e9a2f18 (this sample)