MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31372a551165ad128ef26b0ef3b83654822830772445f01e66919847a5454fca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 31372a551165ad128ef26b0ef3b83654822830772445f01e66919847a5454fca
SHA3-384 hash: cd04f86c787ed656e59fc4af4daf3eaa54926afb1dd056f963a8a2923988b9179b81bf867c515d91a5264fc169cd57c2
SHA1 hash: d06fcb411c24409e72f35a232b65a772408c49bf
MD5 hash: 273325cdf58f49ad6115f4cf3b5f45e8
humanhash: potato-december-illinois-fourteen
File name: PO Ref-20211110-9384.xll
Signature Dridex
File size: 652'288 bytes
First seen: 2021-10-12 08:22:02 UTC
Last seen: 2021-10-12 12:15:08 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash be710ba34b048ab0098050ccf62e369c (18 x Formbook, 14 x Dridex, 9 x AgentTesla)
ssdeep 12288:z0Ws7IMtR4yVld8bzbBSrephgFK/UqWy:z0bdkX1HcL
Threatray 1 similar samples on MalwareBazaar
TLSH T1BFD46C55BECA6EA1EFBF47BB8361D62D0226735D03A1A6CF760305993951FC2443EA03
Reporter pr0xylife
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 109
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm greyware packed packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 6 / 100
Behaviour
Behavior Graph: n/a
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: eac5f84f57148036844ade6a207cc199ae41a56dbf11e3f7f7001378a62d40a6
MD5 hash: 3b7af87d06e8d851bde29148e587108f
SHA1 hash: fbbd4cc87d793e3a3b669951e7920bcbe5ef5533
SHA256 hash: 3f18194190b2ee9400c09cdea45e81a151f9787f24f200cacfc9e5fb885896fd
MD5 hash: d18f09e3c610c0c01785bc7f5c1142f9
SHA1 hash: 267a353a4314fde5b16b59a0a622dc1f6652b766
SHA256 hash: 31372a551165ad128ef26b0ef3b83654822830772445f01e66919847a5454fca
MD5 hash: 273325cdf58f49ad6115f4cf3b5f45e8
SHA1 hash: d06fcb411c24409e72f35a232b65a772408c49bf
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments