MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33f58c125b2149fd2d4ab64d7014ba25b423bd8f190b0aac13e0de8c88049684. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: 33f58c125b2149fd2d4ab64d7014ba25b423bd8f190b0aac13e0de8c88049684
SHA3-384 hash: f6e3d97cd922663e6317a7a706afd08043c5c8d9f113e28e50a4698f3eec187f81d7012b15424f166094988127f0d5f2
SHA1 hash: 5d90bc386c3fc8c93cf9e8a1ae0b064ba364ee9d
MD5 hash: 5f2b88da5c8cce7c2e59e92e4c5243ba
humanhash: music-island-bakerloo-enemy
File name: SecuriteInfo.com.Artemis5F2B88DA5C8C.18519
Signature: Dridex
File size: 217'088 bytes
First seen: 2020-03-23 23:46:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c49931ef1db317f1f5c137bfa9cbb16f (1 x Dridex)
ssdeep: 3072:zdbL5XqmS8dNFuqLObQIhWfJX7uPW8tKER04vapVMaJj62tM3d13vw8UQq4dU0w:zJdqmXTFnp+Wm2uJEVPJ+H3rYoqmU
Threatray: 291 similar samples on MalwareBazaar
TLSH: 7D241241D2EDC8BFF9A648702251293F5303BD88103CDB47ED81DE46A526691F53EBAB
Reporter: SecuriteInfoCom
Tags: Dridex

Intelligence


File Origin
Uploads: 1
Downloads: 97
Origin country: n/a
Vendor Threat Intelligence

Result
Threat name: Dridex Dropper
Detection: malicious
Classification: bank.evad
Score: 80 / 100
Behaviour graph: n/a
Result
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-03-23 18:16:47 UTC
File type: PE (Exe)
AV detection: 25 of 30 (83.33%)
Threat level: 5/5

Please note that MalwareBazaar is no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Dridex
File: Executable exe 33f58c125b2149fd2d4ab64d7014ba25b423bd8f190b0aac13e0de8c88049684 (this sample)

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties (such as code signing and DLL characteristics) and the capabilities implied by imported APIs in executables.

Findings

ID                        | Title                                                       | Severity
--------------------------|-------------------------------------------------------------|---------
CHECK_AUTHENTICODE        | Missing Authenticode                                        | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA)      | high

Reviews

ID                | Capabilities                   | Evidence
------------------|--------------------------------|-------------------------------------------------
AUTH_API          | Manipulates User Authorization | ADVAPI32.dll::BuildExplicitAccessWithNameW
WIN_BASE_EXEC_API | Can Execute other programs     | KERNEL32.dll::AssignProcessToJobObject
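As an added example (not BLint's own code and not part of this MalwareBazaar entry), the script below reproduces the two Findings above directly from the raw PE headers: it reads DllCharacteristics from the optional header and checks whether the security data directory (slot 4, where an embedded Authenticode signature lives) has a non-zero size. The set of DllCharacteristics flags it checks (HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT) is an assumption chosen here and is not BLint's full rule set. The `build_minimal_pe` helper produces a constructed, header-only PE as sample input; it is not a loadable binary, and the "signed" variant only stores placeholder bytes where a certificate table would be, not a real signature.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE    = 0x0040   # image can be relocated (ASLR)
NX_COMPAT       = 0x0100   # DEP / NX compatible
# Subset of flags checked by this example (assumption, not BLint's full list)
SECURITY_FLAGS  = [("HIGH_ENTROPY_VA", HIGH_ENTROPY_VA),
                   ("DYNAMIC_BASE", DYNAMIC_BASE),
                   ("NX_COMPAT", NX_COMPAT)]
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot for the Authenticode blob


def parse_pe_headers(data):
    """Return DllCharacteristics and the security data directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20            # skip signature and 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                  # PE32: data directories start at offset 96
        dir_base = 96
    elif magic == 0x20B:                # PE32+: data directories start at offset 112
        dir_base = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, opt + dir_base - 4)[0]
    sec_off, sec_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {"pe32plus": magic == 0x20B,
            "dll_characteristics": dll_chars,
            "security_dir": (sec_off, sec_size)}


def lint(data):
    """Reproduce the two BLint-style findings as (id, title, severity) tuples."""
    hdr = parse_pe_headers(data)
    findings = []
    # The security directory is the only place an embedded Authenticode
    # signature can be stored; a zero size means the file carries none.
    if hdr["security_dir"][1] == 0:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    missing = [name for name, flag in SECURITY_FLAGS
               if not hdr["dll_characteristics"] & flag]
    if missing:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (%s)" % ", ".join(missing),
                         "high"))
    return findings


def build_minimal_pe(dll_characteristics, signed=False, pe32plus=False):
    """Constructed header-only PE used as sample input here; it is not loadable."""
    magic, dir_base = (0x20B, 112) if pe32plus else (0x10B, 96)
    n_dirs = 16
    opt_size = dir_base + 8 * n_dirs
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, dir_base - 4, n_dirs)
    e_lfanew = 0x40
    headers_end = e_lfanew + 4 + 20 + opt_size
    cert = b""
    if signed:
        # A real file appends a WIN_CERTIFICATE table and points the security
        # directory at its file offset and size. Placeholder bytes, not a signature.
        cert = b"\x00" * 16
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_end, len(cert))
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sample = f.read()
    else:
        # Mirrors this entry's findings: relocatable and NX-compatible, but with
        # no HIGH_ENTROPY_VA and no signature.
        sample = build_minimal_pe(DYNAMIC_BASE | NX_COMPAT)
    for fid, title, severity in lint(sample):
        print("%-26s %-60s %s" % (fid, title, severity))
```

Run it as `python pe_lint.py sample.exe` against a downloaded sample, or with no argument to lint the constructed header. Two caveats when reading these findings: a non-zero security directory only proves that signature bytes are present, not that the PKCS#7 chain verifies, so a "signed" result still needs a real check (for example `Get-AuthenticodeSignature` on Windows); and HIGH_ENTROPY_VA only has an effect on 64-bit images, so for a 32-bit PE like this one that particular finding says little about the binary's actual hardening.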
