MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3836ff75d10503ebe92c4149ec1a1cbacc530cf1c6cb11a28b293f9a8c41e2e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 9

SHA256 hash: 3836ff75d10503ebe92c4149ec1a1cbacc530cf1c6cb11a28b293f9a8c41e2e5
SHA3-384 hash: ff262c743937a951abe83995ce3a0409db7b75959ae63f069e9027f83fff3cbdc18bea1376c003ecd9fc8f3eace57321
SHA1 hash: dbc63a053568d46ded1f9ead219bce03d4a9647f
MD5 hash: 74870d1bd01a7426cdb048939f4fb4ec
humanhash: red-nitrogen-tennis-sodium
File name: 74870d1bd01a7426cdb048939f4fb4ec
Signature: Dridex
File size: 524'288 bytes
First seen: 2021-12-20 16:55:56 UTC
Last seen: 2021-12-21 13:58:55 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 5ad3b93adc2f9b7a31e634988c069f77 (85 x Dridex)
ssdeep: 12288:r2cK4kV9W/k7MNKABzMyLi8E6+DnOM2Swyu5n:GkMs9
Threatray: 5'669 similar samples on MalwareBazaar
TLSH: T121B4AF92960F6767E43C32B3E8E36436AB434F280DD4BDE5BA00764F733D498649D686
Reporter: zbetcheckin
Tags: 32 dll Dridex exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 143
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour: DNS request

Result
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signatures:
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph (ID 542933; sample dBPSHum48m; start date 20/12/2021; architecture WINDOWS; score 80):
Network contacts: 89.31.56.58 (UNITHOST-ASNL, Netherlands); 51.159.52.196 (OnlineSASFR, France); 2 other IPs or domains
Graph signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures; Tries to delay execution (extensive OutputDebugStringW loop) on loaddll32.exe
Process tree:
  loaddll32.exe
    cmd.exe
      rundll32.exe
        WerFault.exe
    rundll32.exe
      WerFault.exe
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2021-12-20 16:56:12 UTC
File Type: PE (Dll)
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:22203 botnet loader
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.159.52.196:443
134.209.247.135:6602
194.233.68.48:5228
89.31.56.58:593
Unpacked files
SHA256 hash: 3836ff75d10503ebe92c4149ec1a1cbacc530cf1c6cb11a28b293f9a8c41e2e5
MD5 hash: 74870d1bd01a7426cdb048939f4fb4ec
SHA1 hash: dbc63a053568d46ded1f9ead219bce03d4a9647f
Malware family:
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: Dridex
File type: DLL dll
SHA256 hash: 3836ff75d10503ebe92c4149ec1a1cbacc530cf1c6cb11a28b293f9a8c41e2e5 (this sample)

Comments

zbet commented on 2021-12-20 16:55:57 UTC

url : hxxps://bpnjabar.tams-app.com/8QOBD2/dlwrnWJckkklgbtq.bin