MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e2200ba4cff1f42584d4fd0dbdc24634da3463e6e0f5183f802b9d8cc8c42bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 3e2200ba4cff1f42584d4fd0dbdc24634da3463e6e0f5183f802b9d8cc8c42bc
SHA3-384 hash: ae923dc3e1c5530f29232a1ffe2493b4436859e1aa303b4593801fa2abbcee5e3e0cca517ba5f44fb04661ad20a7c9ff
SHA1 hash: 25a6a86899e56eb7b604cb78613ae54da525b736
MD5 hash: 15626983ea316fae26db48021b90fea0
humanhash: fix-skylark-charlie-charlie
File name: 15626983ea316fae26db48021b90fea0.dll
Signature: Dridex
File size: 145'965 bytes
First seen: 2020-10-17 07:16:09 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 3072:nS3ixdj5Ut+cd6T9f40BNlTv5dpGIgRONYt1KNj3LIaatuByN8Yte2YMRtiJwWZr:S3s9vfpA09TUZiYWpcl8Yte2YMnnWZIe
Threatray: 28 similar samples on MalwareBazaar
TLSH: B3E3E00BEAA6D9F1C2E950B9883B92652723D0E74752B9D30BF0224DDF776C26531F42
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 183
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-10-17 07:18:05 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 3e2200ba4cff1f42584d4fd0dbdc24634da3463e6e0f5183f802b9d8cc8c42bc
MD5 hash: 15626983ea316fae26db48021b90fea0
SHA1 hash: 25a6a86899e56eb7b604cb78613ae54da525b736
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 3e2200ba4cff1f42584d4fd0dbdc24634da3463e6e0f5183f802b9d8cc8c42bc (this sample)

Delivery method: Distributed via web download
