MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44164ede55b7ee39b8dbaef02b46fec61736b26a92fc78dee22cdcca1763eef6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 7



SHA256 hash: 44164ede55b7ee39b8dbaef02b46fec61736b26a92fc78dee22cdcca1763eef6
SHA3-384 hash: f2cc136a3b9b09f4d1175320cd08e45855cc9edcc06ff18970f600102be50fa6e1fc1b90e374ba6a8cf57daca808a167
SHA1 hash: 76930a7b894b01ea8ae0b62b90624cb42a35719c
MD5 hash: 441d3363dc059e02bafb6bf5ba9f1619
humanhash: winter-item-delaware-purple
File name: 44164ede55b7ee39b8dbaef02b46fec61736b26a92fc78dee22cdcca1763eef6
Signature: Dridex
File size: 441'344 bytes
First seen: 2020-10-03 05:43:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 46daf2d189a1f99664b65b180657c179 (11 x Dridex)
ssdeep: 12288:FAxp7ZGG97E1ypzurnfvASA1kec81X8U8tnx:FmtZl9wQRurnXP+3L1MU8b
Threatray: 12 similar samples on MalwareBazaar
TLSH: 98941245E297DDE1C4680AB4DD22AAED54BC7F658E03C14331D2BE1A3BF8A53D52A342
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 320
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Dridex Dropper
Detection: malicious
Classification: bank.evad
Score: 88 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Dridex dropper found
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-10-03 03:37:12 UTC
File Type: PE (Exe)
Extracted files: 34
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: botnet loader family:dridex
Behaviour
Dridex Loader
Dridex
Malware Config
C2 Extraction:
5.9.178.143:443
185.230.161.62:3389
2.58.16.89:8443
Unpacked files
SHA256 hash: 44164ede55b7ee39b8dbaef02b46fec61736b26a92fc78dee22cdcca1763eef6
MD5 hash: 441d3363dc059e02bafb6bf5ba9f1619
SHA1 hash: 76930a7b894b01ea8ae0b62b90624cb42a35719c
SHA256 hash: f36320aebc21821773fb775f7eb97fa80d3385748e07e24c790e63b759fded3c
MD5 hash: c39fbe80b2444f41dd51aa8ff154b9c0
SHA1 hash: 06157eddf5293f5bd5fb4e065249da33fee321ed
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: win_dridex_loader_v1
Author: Johannes Bader @viql
Description: detects some Dridex loaders
Rule name: win_dridex_loader_v2
Author: Johannes Bader @viql
Description: detects some Dridex loaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments