MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742
SHA3-384 hash: 0d713e0021a9a941dc1c4a6a405caa23f665b0a0c1d19b48241280eedf37ec03c6e67c7c6f95514e9cb73a5464231337
SHA1 hash: e32ba357ee9470e28ead83ae55a440ed8e82345a
MD5 hash: facdc04f596ce643f00267865db38d10
humanhash: mobile-dakota-music-sink
File name:no9fhj0nczip
Download: download sample
Signature Dridex
Create hunting rule
File size:425'984 bytes
First seen:2020-12-02 19:18:32 UTC
Last seen:2020-12-02 21:21:38 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 274fc22e1fae5a9411dda79d4318724d (1 x Dridex)
ssdeep 12288:73GTOGQ7DstX8FM9zxh/d/GMqLTXiLTKyfndmLBMy:7xlsx8FMhReMqLziaem9M
Threatray 187 similar samples on MalwareBazaar
TLSH 7094AEC65AC14E71EBE21B38662ABBB3069D6C3BD1114D77B7B8314C1DB0144E867BB2
Reporter JAMESWT_WT
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106448/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Encoder.8883.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/553995
Signature
Detected Dridex e-Banking trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-12-02 19:19:02 UTC
File Type:
PE (Dll)
Extracted files:
26
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33
Dridex
9ca6330ecc859154893e48bed53317005670c23c5d58bca8e991177cbb7324e9
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
a888a7f5140bad661317264229075089b1c8e1267984b3d495a39a5f5638a419
Dridex
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
Dridex
bd0d627ee3975e635af6f305cd303e77ed0d03e59d5de8334b3ea00ff771af0d
Dridex
d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c
Dridex
e20dadb65651d81743aae5451f4f63d6fd7a7da48d4bf71af247a033ac46ee11
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
+ 177 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201202-qwx2t1bj5e/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
185.59.223.86:443
123.231.252.10:4646
85.25.109.116:3889
91.83.93.89:4643
Unpacked files
SH256 hash:
230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742
MD5 hash:
facdc04f596ce643f00267865db38d10
SHA1 hash:
e32ba357ee9470e28ead83ae55a440ed8e82345a
Link:
https://www.unpac.me/results/a409d2f0-1a9c-490a-8ad1-24d6ede1c3b2/
SH256 hash:
d51f45c06e0e2ccc50c218313041c3acadecffc42556351b49ebd4bbe43df9ba
MD5 hash:
7cb3be09fe66c790137854ccf8d804a8
SHA1 hash:
cfb563439b14ebd095107ccc79f715313630874b
Link:
https://www.unpac.me/results/a409d2f0-1a9c-490a-8ad1-24d6ede1c3b2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tibs
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/882811/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/882769/
  
URLhaus
https://urlhaus.abuse.ch/url/883019/
  
URLhaus
https://urlhaus.abuse.ch/url/882810/
  
URLhaus
https://urlhaus.abuse.ch/url/882791/
  
URLhaus
https://urlhaus.abuse.ch/url/882778/
  
URLhaus
https://urlhaus.abuse.ch/url/882773/
  
URLhaus
https://urlhaus.abuse.ch/url/882812/
  
URLhaus
https://urlhaus.abuse.ch/url/882790/
  
URLhaus
https://urlhaus.abuse.ch/url/882775/
  
URLhaus
https://urlhaus.abuse.ch/url/882776/
Cape
Cape
https://www.capesandbox.com/analysis/106448/

Comments