MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f
SHA3-384 hash: f8f8ccbeaadce785c0903cd8fe6c4af9f8d9b09a22635e52a9b2c4a9739619abd1490082047ae8af0cf7bed924d5a279
SHA1 hash: caa591189d4604d5366462a16c6fc0f8232ff9a9
MD5 hash: a1f4078589c2b67b659538fa40653e15
humanhash: ack-kilo-coffee-crazy
File name:a1f4078589c2b67b659538fa40653e15.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:942'080 bytes
First seen:2021-02-18 07:04:29 UTC
Last seen:2021-02-18 11:56:20 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 2b5af016caf77cb8f1d9180b332d8806 (11 x Dridex)
ssdeep 24576:WDWfnaVoffEQmyO378WTkvEKT9Hgce1BHbo+Cm:Cuaq34yDWTkvvT9Hgdbo+C
Threatray 469 similar samples on MalwareBazaar
TLSH D415E0007682C072D4A59774CD28D1FD8A69BE65CF2008EB73D43FAF3A755C18E35A6A
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117670/
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.30811.23357.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/611116
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-02-17 19:33:31 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=goi7ezxm5jxv7yibe2n3srflpjgxtpu7huw2bar3qookjbp7tbhq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
2b0392dfcc30896508c115c3151c8f15648600996312e7fb728a524bf946f2dd
Dridex
30b6438b14eac5337f6d0f81997a4fce356611fc19155ae3650d5df21e894e74
Dridex
48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c
Dridex
9101c4df8358b9c115bb2cc874a4351d706040fd9c312e2acc045ff50f60006d
Dridex
96b51e628389b4044eb4c4d262deadbcfa778db13a7768ab7806b0e1f81d2ebf
Dridex
ac152e73957a8cb702eb7f18bb38e2bf92e4702e108ac71d403b829600b2029f
Dridex
b6ab389440b4a038ffde4ca381640a0bd982f8e970bcffdbe82629c0ae395ca7
Dridex
b6bd8479ef5943eaf26efdcda11ab09bf0569ad2295ba905fc0901511ca7c286
Dridex
de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59
Dridex
f4aaca975059e9bd029b5f7b0e7089eef5422aae9c676ab160467ef3424afd2b
Dridex
+ 459 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/210218-7eh8snb6b6/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Unpacked files
SH256 hash:
0198622255c5c9304632ecffff84544761dd14e26d28f919c6d5b79407032e6f
MD5 hash:
38ecadb0a4c1b2625884ae29501bc223
SHA1 hash:
d4f5ac1da0c1fd58c96c8cd40606ad3bfb3c70c4
Link:
https://www.unpac.me/results/29c1370d-9346-42da-bb9c-cd5bd3c8084a/
SH256 hash:
3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f
MD5 hash:
a1f4078589c2b67b659538fa40653e15
SHA1 hash:
caa591189d4604d5366462a16c6fc0f8232ff9a9
Link:
https://www.unpac.me/results/29c1370d-9346-42da-bb9c-cd5bd3c8084a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 3391f266ecea6f5fe101269bb944ab7a4d79be9f3d2da0823b839ca485ff984f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/117670/
  
URLhaus
https://urlhaus.abuse.ch/url/1016107/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1016118/
  
URLhaus
https://urlhaus.abuse.ch/url/1016146/
  
URLhaus
https://urlhaus.abuse.ch/url/1016098/
  
URLhaus
https://urlhaus.abuse.ch/url/1016145/
  
URLhaus
https://urlhaus.abuse.ch/url/1016140/
  
URLhaus
https://urlhaus.abuse.ch/url/1016095/
  
URLhaus
https://urlhaus.abuse.ch/url/1016133/
  
URLhaus
https://urlhaus.abuse.ch/url/1016750/
  
URLhaus
https://urlhaus.abuse.ch/url/1016757/
  
URLhaus
https://urlhaus.abuse.ch/url/1016764/
  
URLhaus
https://urlhaus.abuse.ch/url/1016768/
  
URLhaus
https://urlhaus.abuse.ch/url/1016769/
  
URLhaus
https://urlhaus.abuse.ch/url/1016782/
  
URLhaus
https://urlhaus.abuse.ch/url/1016793/
  
URLhaus
https://urlhaus.abuse.ch/url/1016796/
  
URLhaus
https://urlhaus.abuse.ch/url/1016795/
  
URLhaus
https://urlhaus.abuse.ch/url/1016820/
  
URLhaus
https://urlhaus.abuse.ch/url/1016828/
  
URLhaus
https://urlhaus.abuse.ch/url/1016831/

Comments