MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ee89b249239c74f9862bd5da57e36780142f8a5cbaecda5d102cae097d6cfd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	2ee89b249239c74f9862bd5da57e36780142f8a5cbaecda5d102cae097d6cfd6
SHA3-384 hash:	f878c546c56a198c6c2a3d65af2502d5606998e14238c2659c4289fa541c3bc09e3871c570d715929ca31eee4793dc91
SHA1 hash:	f8b19d6c5624e562f3ec9a1ef33f33e6b9313a8e
MD5 hash:	150f42ff16bd2ae9895532a7be6284a1
humanhash:	harry-mobile-beer-october
File name:	150f42ff16bd2ae9895532a7be6284a1.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	335'872 bytes
First seen:	2020-09-08 07:40:50 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	a9dcba22e49d69dd17ae0f6b7ed41420 (8 x Dridex)
ssdeep	6144:fwvQdB7ab5FaBYA3JBaUH/kOyQ1SDofgEcwY1KEcyk1emcwQ3oj:fwoveb5FaP1HTyQ14ugjXKjveF
TLSH	6764D001BBE99084F3BB2BB0D8B73199173E3EDFC4F58A2C5A044D5D1CB5B525894BA2
Reporter	abuse_ch
Tags:	dll Dridex

abuse_ch

Dridex C2s:
45.79.8.25:443
185.201.9.197:9443
217.160.78.166:4664
108.175.9.22:33443

Intelligence

File Origin

# of uploads :

1

# of downloads :

160

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Variant.Razy.749601.21846.6645.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Detection:

dridex

Link:

https://mwdb.cert.pl/sample/2ee89b249239c74f9862bd5da57e36780142f8a5cbaecda5d102cae097d6cfd6/

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-09-07 16:18:33 UTC

File Type:

PE (Dll)

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=f3ujwjeshhdu7gdcxvo2k7rwpaauf6ffzoxm3joralfobf6wz7la._file

Result

Malware family:

dridex

Score:

10/10

Tags:

botnet loader family:dridex

Link:

https://tria.ge/reports/200908-7pnybjs41n/

Behaviour

Suspicious use of WriteProcessMemory

Dridex Loader

Dridex

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2ee89b249239c74f9862bd5da57e36780142f8a5cbaecda5d102cae097d6cfd6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 2ee89b249239c74f9862bd5da57e36780142f8a5cbaecda5d102cae097d6cfd6

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/455314/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/455324/

URLhaus

https://urlhaus.abuse.ch/url/455326/

URLhaus

https://urlhaus.abuse.ch/url/455343/

URLhaus

https://urlhaus.abuse.ch/url/455350/

Cape

Cape

https://www.capesandbox.com/analysis/57815/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample