MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27560c14d4e14a32b62e063af836be3308bf923eac063be28d49b04c6e279bde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 27560c14d4e14a32b62e063af836be3308bf923eac063be28d49b04c6e279bde
SHA3-384 hash: ce5919d9cfc893d4618f054049b83b12e6128f2dde7983dea737ca1d0f6483077a253d9ab12f863c3228c9927698cb93
SHA1 hash: 545c9019b221759465c38bd6c1239cb399552562
MD5 hash: ff525b560610f8a1727041d92941b9fa
humanhash: ceiling-uniform-item-don
File name: edrfgergzip
Signature: Dridex
File size: 331'776 bytes
First seen: 2020-09-08 13:48:16 UTC
Last seen: 2020-09-08 16:16:06 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 9d2a45807ce72b6c39806f12c1ae64fa (7 x Dridex)
ssdeep: 6144:hTMLzzXB9KS/9e9wvVUJLp6CUlpz4OIJwknWoCAwr0wKsM28MuHx3:haR3/9e9wvVUJLp6CUlpz4OIJwkniAwC
TLSH: 5864E125E4FD0418E077B7B2D939A81246297553F87DCE8C5F23A71E84763A08D26FA2
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence


File Origin
# of uploads: 4
# of downloads: 178
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-09-08 13:50:13 UTC
File Type: PE (Dll)
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader family:dridex
Behaviour:
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 27560c14d4e14a32b62e063af836be3308bf923eac063be28d49b04c6e279bde

(this sample)
