MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28320bfe7a9b1b1fe2aded338d94f348c7f881d20ae6dc57d9b9a5504c4a751f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments 1

SHA256 hash:	28320bfe7a9b1b1fe2aded338d94f348c7f881d20ae6dc57d9b9a5504c4a751f
SHA3-384 hash:	31269c95fa350153c2b979f425e053ee1c3c2399a8422a5be1ede82796022ff776b2c283741d611cecbbfe1f9c103de3
SHA1 hash:	6475ad41d8300fdb618d1385bbded2706d8dc05b
MD5 hash:	c553a50c92e8418a389d4e5bf89e6d1c
humanhash:	artist-diet-asparagus-wolfram
File name:	c553a50c_by_Libranalysis
Download:	download sample
Signature	Dridex Create hunting rule
File size:	165'888 bytes
First seen:	2021-05-05 12:01:52 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	987b9d7dc84d935c3675da82d40e06f2 (8'604 x Dridex, 2 x Gozi, 1 x Tofsee)
ssdeep	3072:JIcsGvTmf9vOmoM0IZ5kPjBxYvdIL2KyOQaOP8+cMTH1PxsMYQnF1b1l:yc7UtOpM1Z5k1xYO2LXjTH1pH5nF1p
Threatray	7'222 similar samples on MalwareBazaar
TLSH	87F3C088CBB3E4E6EFB2D37976F85E1B461674551408B4F4C86CA68F74ABD008AE50F1
Reporter	Libranalysis
Tags:	Dridex

Libranalysis

Uploaded as part of the sample sharing project

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/150564/

Detection(s):

Win.Packed.Generickdz-9852495-0

Win.Packed.Generickdz-9857416-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0cb64486-df25-405c-8ecc-fb3a9567beab

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/28320bfe7a9b1b1fe2aded338d94f348c7f881d20ae6dc57d9b9a5504c4a751f/

Threat name:

Win32.Trojan.Drixed

Status:

Malicious

First seen:

2021-05-05 12:02:17 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/210505-3w2g1yemks/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

28320bfe7a9b1b1fe2aded338d94f348c7f881d20ae6dc57d9b9a5504c4a751f

MD5 hash:

c553a50c92e8418a389d4e5bf89e6d1c

SHA1 hash:

6475ad41d8300fdb618d1385bbded2706d8dc05b

Link:

https://www.unpac.me/results/33ce829a-93c4-42d7-ad5d-a96830f43ad6/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 28320bfe7a9b1b1fe2aded338d94f348c7f881d20ae6dc57d9b9a5504c4a751f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1123415/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/150564/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-05 14:10:52 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
1) [C0026.002] Data Micro-objective::XOR::Encode Data