MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bd3c64fcf25df24c69a07b9fa404f6c7b546889b1009b71240bb74d5a6bdeeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bd3c64fcf25df24c69a07b9fa404f6c7b546889b1009b71240bb74d5a6bdeeb
SHA3-384 hash: 28d53fe180d3a9d1fcc841cd0297aca6b27fd5ccca2bf107504958211fd132235e389dddc7cd9d398f3eabfe1b1d3815
SHA1 hash: 35cb19db8ddd92a4d8a6871b447d3a24ba5bf3e3
MD5 hash: 366ca81c2e7fb9a5f6d51a991a4bcf49
humanhash: kentucky-lithium-muppet-speaker
File name:366ca81c_by_Libranalysis
Download: download sample
Signature Dridex
Create hunting rule
File size:164'864 bytes
First seen:2021-05-05 23:05:07 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash bdaa0be01ce9860d02cb3111f632adfa (146 x Dridex)
ssdeep 3072:R84Dcp/qdOUKcT1GpvO0nygcp0DvA/fxHbeXaUDwOvHvWM:lDBdOlG0nyg1DvwxgZ/v
Threatray 135 similar samples on MalwareBazaar
TLSH 8DF3CFE89A9FC097E663583095FF37B6BA03D8478BC8DD10B281D52F5A1BD39DD09A01
Reporter Libranalysis
Tags:Dridex


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/151062/
Detection(s):
SecuriteInfo.com.Mal.EncPk-APX.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/716523
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3bd3c64fcf25df24c69a07b9fa404f6c7b546889b1009b71240bb74d5a6bdeeb/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-05-05 23:06:06 UTC
AV detection:
15 of 47 (31.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hpj4mt6pexpsjru2a647uqcpnr5vi2ejweajw4jebo3u2wtl33vq._file
Verdict:
unknown
Similar samples:
16b4fe51c3f1af8bcc3257e3b1e81433fdcac08e61bdefc95b5b10fb7a7bd74e
Dridex
17aeb7372b57d7559a6f507074fe1da973a104a2de8b0d8e229bfc4515c6d015
Dridex
1b3db260f69f51fd02533da364f56a4825e5ac0777ffc1fb68d54ce17662191e
Dridex
2ba11191a9da3d155b82d848577ee0b7eed0a90f86091d187bc157dd252a3d44
Dridex
41aceca0bb988c74c9320155126761b98d50c6e556a684070c8e3f3822464229
Dridex
4ec406d75588c4e395c1a5b93bf43da319684352061cf42876c704d92a52df92
Dridex
72306c6457c918bfaa19009cc21ae5eaf4bfad936e8694482c719f6f1c0c0266
Dridex
764f41b29285d1ad19f7bc5f0ad5d34255951cda7e24462e80bfe45847dbd545
Dridex
97d62d9cba3d8219f27c42650eb90fd3ee8aa4c7f478c76e30f88f11dd5e1a82
Dridex
9ff01c0edcf9082323a22fc225b4f2f7c9ff6d5b1f7c8d76c94da83b4c37ec25
Dridex
+ 125 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:22202 botnet loader
Link:
https://tria.ge/reports/210505-xsm2ma38vj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
45.55.134.126:443
67.207.83.96:8172
193.160.214.95:4125
Unpacked files
SH256 hash:
3bd3c64fcf25df24c69a07b9fa404f6c7b546889b1009b71240bb74d5a6bdeeb
MD5 hash:
366ca81c2e7fb9a5f6d51a991a4bcf49
SHA1 hash:
35cb19db8ddd92a4d8a6871b447d3a24ba5bf3e3
Link:
https://www.unpac.me/results/5c761495-9464-4a57-9256-0dd27df7daf6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dridex
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3bd3c64fcf25df24c69a07b9fa404f6c7b546889b1009b71240bb74d5a6bdeeb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexLoader
Create hunting rule
Author:kevoreilly
Description:Dridex v4 dropper C2 parsing function
Rule name:DridexV4
Create hunting rule
Author:kevoreilly
Description:Dridex v4 Payload
Rule name:MALWARE_Win_DLLLoader
Create hunting rule
Author:ditekSHen
Description:Detects unknown DLL Loader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/151062/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-06 00:03:50 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection