MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 390707cb5b5790b45295bddcb749ffdde7439e1f4e9ef0b732597bf1b75fa534. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 7



SHA256 hash: 390707cb5b5790b45295bddcb749ffdde7439e1f4e9ef0b732597bf1b75fa534
SHA3-384 hash: 1fb382f41098738be441a20c441a29f5dea51bf9550436fa2acd7f2a980e364951bc7e3620815144816779e25d9632fa
SHA1 hash: 926b8afd825e2d2a3271d9f09cfd503863a434eb
MD5 hash: 77f4a188fcb8ec4f75e227cc9f9313c9
humanhash: ten-lion-potato-neptune
File name: 77f4a188fcb8ec4f75e227cc9f9313c9.dll
Signature: Dridex
File size: 192'512 bytes
First seen: 2021-09-21 06:42:02 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: f8e5a95d062791486e95dac858f22b5a (7 x Dridex)
ssdeep: 3072:39g3Pf+EEZ8x1ap5V5VSwI347BCbWKep1oAfxkOudNCes0C:39g3PfK8xmgLaBCbWXNkOE
Threatray: 5'012 similar samples on MalwareBazaar
TLSH: T13B14E07ABFFBE0F6C82E82F3417582751859D8349718CA77C6B3F929D4750D462A8C22
Reporter: abuse_ch
Tags: 22201 dll Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 180
Origin country: n/a

Vendor Threat Intelligence
Result
Threat name:
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph (ID 487038; the rendered graph is not reproduced here). Sample: fHGN8CbGnu.dll. Start date: 21/09/2021. Architecture: WINDOWS. Score: 72.
Contacted hosts: 169.255.57.61 (Web4AfricaZA, South Africa); 103.42.56.15 (VNPT-AS-VNVNPTCorpVN, Viet Nam); 128.199.192.135 (DIGITALOCEAN-ASNUS, United Kingdom)
Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 2 other signatures
Process tree: loaddll32.exe -> cmd.exe -> rundll32.exe -> WerFault.exe; loaddll32.exe -> rundll32.exe -> WerFault.exe
Threat name: Win32.Trojan.Sabsik
Status: Malicious
First seen: 2021-09-20 20:28:39 UTC
AV detection: 22 of 45 (48.89%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:22201 botnet loader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
103.42.56.15:443
169.255.57.61:8116
128.199.192.135:6602
Unpacked files
SHA256 hash: c7990f1e72fdfa84552f02f9d11cabb74251b0508291af5366fefcee646f9c91
MD5 hash: 274385a8580daa9b30543d6204250280
SHA1 hash: 4c5c459a7067f1177a49af80a1e44d8916706457
Detections: win_doppeldridex_auto
SHA256 hash: 390707cb5b5790b45295bddcb749ffdde7439e1f4e9ef0b732597bf1b75fa534
MD5 hash: 77f4a188fcb8ec4f75e227cc9f9313c9
SHA1 hash: 926b8afd825e2d2a3271d9f09cfd503863a434eb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Dridex
File type: DLL (dll)
SHA256 hash: 390707cb5b5790b45295bddcb749ffdde7439e1f4e9ef0b732597bf1b75fa534 (this sample)
