MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b
SHA3-384 hash:	c66cbf384694d345c68f1cd900013da5f8cd0ef0cae3b83e5518adfb863289fe2114ac69130a5bea2a0d0e51452b3698
SHA1 hash:	0c49ed5a46c2868de3f6068bc3841012624d9382
MD5 hash:	9da15c4d927352057fd56d02f6071aeb
humanhash:	nine-hotel-wolfram-ten
File name:	9da15c4d927352057fd56d02f6071aeb.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	212'797 bytes
First seen:	2021-01-21 18:30:37 UTC
Last seen:	2021-01-21 21:05:38 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	3072:21EFHX2KDA5wDUhNd9Ui4vN8TPFLFTgsxwyMtzsPHLKcF1snivV/4uKXvsPD/IcT:2esK8r/bTPF/PHLRFVvV/iicxShx
Threatray	6 similar samples on MalwareBazaar
TLSH	0124BE60FD80FD69EB1C63B49C5BECB911A5FC04965ABE4F32DF2E9B41A1612F143488
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

2

# of downloads :

183

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/113376/

Detection(s):

SecuriteInfo.com.W32.AIDetectVM.malware2.11799.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/587685

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ivgbmmblk6rwwvcmal4a46zw7ztwnxxcwvc67w26gjoziwizcqvq._file

Verdict:

malicious

Similar samples:

17442781e228ba104fb306711af31fbafd8ddb5cf84e1067f1765698ec6fb580

1b004f4a0b41a1e7f0ebf49de986904b872626641c6e40e9893e09e848a0a303

3aa2de59ee2301694767bff91bf375dd8fe8d59c9941037d1da8ca78510b9f53

99dc052f25dc04623e6479983c2753147da72578bb5bce0966b0d5bfff6a3c2b

c1e758a9197acbf140ae54eb8f5fe2a44f28f4148b53f8bfc79c96d43c5d400d

f937d3d723829d306cf8589fd1d43556c6d8c9040baabdfbde79349f89ea9af2

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210121-w9rcqxgh1s/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b

MD5 hash:

9da15c4d927352057fd56d02f6071aeb

SHA1 hash:

0c49ed5a46c2868de3f6068bc3841012624d9382

Link:

https://www.unpac.me/results/e094b40a-7f9c-414b-bf5e-55c8e9bae55c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dridex

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 454c16302b57a36b544c02f80e7b36fe6766dee2b545efdb5e325d945919142b

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/113376/

URLhaus

https://urlhaus.abuse.ch/url/973271/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample