MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef
SHA3-384 hash:	cf9312af5b605e9e502c3001171dbba1e0b96cbbd0139dd9e658013cd9942e89ba8b74b6d0847f580d5865f3bbb8cfa8
SHA1 hash:	b6c8c4592d04916238e506f0672f9b243cb2de7d
MD5 hash:	b8b8a1bad12b9977e8c8f9891bb87100
humanhash:	don-green-lemon-equal
File name:	b8b8a1bad12b9977e8c8f9891bb87100.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	65'536 bytes
First seen:	2021-01-09 17:17:09 UTC
Last seen:	2021-01-09 18:53:59 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	768:R8mKv4uWVnotPgjk4n9IcxwoxdW5JB5VGwTK/kJis2otGLdMPIy05TLsJy/oY5ve:CavKc2oxI5fqkJisYMAy05sA/oehSt
Threatray	4 similar samples on MalwareBazaar
TLSH	3353AF703791C472C5D29176C015AB19A7FE7D01AB3A89C767E62C9A2E703D0A33E2C6
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

2

# of downloads :

309

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/111124/

Detection(s):

SecuriteInfo.com.Trojan.Dridex.735.32225.27429.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/577326

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef/

Threat name:

Win32.Trojan.Ulise

Status:

Malicious

First seen:

2021-01-09 17:18:06 UTC

AV detection:

9 of 45 (20.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jhlulbtqfmsbmv6i6jv2kumwgji64c62sszyhpow25dmyy4q27xq._file

Verdict:

malicious

Similar samples:

3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3

4e6fa76a7436db34f333229ff4fb355a60a98038702b828c31b38bf70a325a62

b5360ecfb9f6acf73785533948430720c2bd3364df73b9e2405c12e9c1433af6

d6324644c2a267bea0322c4f817b7a4029129e68959cdeb25f53f8e1f9ddeaad

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210109-k9224zjywe/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef

MD5 hash:

b8b8a1bad12b9977e8c8f9891bb87100

SHA1 hash:

b6c8c4592d04916238e506f0672f9b243cb2de7d

Link:

https://www.unpac.me/results/3053d241-a66b-4166-a34d-de8a69e2f20d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.14

Link:

https://yomi.yoroi.company/submissions/49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 49d74586702b241657c8f26ba551963251ee0bda94b383bdd6d746cc6390d7ef

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/779744/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/111124/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample