MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 288f2c9472c49d03361a8d4605cdcc13692271a46ea3d26d23be9cd29fc67c03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: 288f2c9472c49d03361a8d4605cdcc13692271a46ea3d26d23be9cd29fc67c03
SHA3-384 hash: 882396f538790836491b1b283f2cc4eb22993d3446cf38853e2f0924cc4a5d0ed982b9cd027ef5f74d34540e2319c17a
SHA1 hash: ea131a32941082022f1a88b47ec5c6bb54b5bf7e
MD5 hash: 9d5ae21f8c60a48943d40ccc090d0e08
humanhash: earth-virginia-vermont-william
File name: 9d5ae21f8c60a48943d40ccc090d0e08.dll
Signature Dridex
File size: 193'732 bytes
First seen: 2020-11-09 07:32:19 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep 3072:DpQtCcbPNUi+ENmG2Bfpzvi3bHGw7AbikWiUKKWGj0YmRnn1adAHhwN8McGo6m:DiMelCGbmxmhf0YmRnnk2H+k76m
Threatray 12 similar samples on MalwareBazaar
TLSH 9314BE10B545C070D29241BACAADD7F8453C7D21CF5689DBB3D82E6F36348E0773A6AA
Reporter abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 3 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-11-09 07:34:06 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 288f2c9472c49d03361a8d4605cdcc13692271a46ea3d26d23be9cd29fc67c03 (this sample)

Delivery method: Distributed via web download

Comments