MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4707cc2c4a34697dc0cee836a78e30d79785177c65938af845cba3782c9d850b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 7



SHA256 hash: 4707cc2c4a34697dc0cee836a78e30d79785177c65938af845cba3782c9d850b
SHA3-384 hash: 7ee9099f1843de2e2d3835f457973220cef9435dcb0a9efe1adfa4bfebef1043630d69d649f414ee46cb66310f48e869
SHA1 hash: bb714307a34ba01bd565c21444048c5174c67f5b
MD5 hash: 98e93c1a19ed0a60107be4f8761c7c04
humanhash: skylark-california-yellow-jig
File name: 98e93c1a19ed0a60107be4f8761c7c04.dll
Download: download sample
Signature: Dridex
File size: 688'128 bytes
First seen: 2021-02-10 17:00:50 UTC
Last seen: 2021-02-10 18:54:45 UTC
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 12288:ASts0Ljpezsf/Lrxn9AiQwvM8hZDgh6cVBsepVEsY7/ICmco0ADXEi:HtrszsHxfjv7Dg1Dc7/IxEi
Threatray: 9 similar samples on MalwareBazaar
TLSH: 7DE4E160BDD0E479E71E26304C16DCBA026ABC0456BAFC6F32DE2D6F15B2262F117794
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 177
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph: [graph image; Behavior Graph ID 351477, sample UFgleO6Bo7.dll, start date 10/02/2021, architecture WINDOWS, score 23; signature "Machine Learning detection for sample"; process chain: loaddll32.exe started rundll32.exe, which in turn started a chain of eight further rundll32.exe processes]

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2021-02-10 17:01:07 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 4707cc2c4a34697dc0cee836a78e30d79785177c65938af845cba3782c9d850b
MD5 hash: 98e93c1a19ed0a60107be4f8761c7c04
SHA1 hash: bb714307a34ba01bd565c21444048c5174c67f5b

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File: DLL dll 4707cc2c4a34697dc0cee836a78e30d79785177c65938af845cba3782c9d850b (this sample)

Delivery method
Distributed via web download

Comments