MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b
SHA3-384 hash: 913969627239b421238df475cf14cfa98cacd0d65d478332fcb4c07e6f50ac4f4341b470ebf13837d55bb155d00ccf44
SHA1 hash: 3551902ce8b340a1bd834a68e4044f7bfd9f8683
MD5 hash: b39e2d4ed0d4f9e27f33a431f6cf8a9b
humanhash: solar-ten-fourteen-princess
File name:b39e2d4ed0d4f9e27f33a431f6cf8a9b
Download: download sample
Signature Dridex
Create hunting rule
File size:622'592 bytes
First seen:2021-10-14 02:06:01 UTC
Last seen:2021-10-14 03:09:21 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash f3365777c64be56b4998dc4b02b58f1e (4 x Dridex)
ssdeep 12288:7ZGQdqOGzJJqydLqQSeCqsVK8kPRGO35N9mVpzXc6:7Z09WjeCVVK8kP9N9ol
Threatray 881 similar samples on MalwareBazaar
TLSH T1E1D4E8013A40E821E7E55576DE2AC7E85B087D48EFB1A4CB78E17F0F2AA99F3D255301
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/197394/
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.24898.20172.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/6167908e9fb4d8593d644bf4/reports/2bda3fc4-c797-4047-b702-0bbf0d304e58/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/21bd7cd8-58f3-4cda-b8d9-d1f996a8f788
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/870140
Signature
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Detected Dridex e-Banking trojan
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 502568 Sample: 3SIU7qNAjC Startdate: 14/10/2021 Architecture: WINDOWS Score: 88 29 Found malware configuration 2->29 31 Multi AV Scanner detection for submitted file 2->31 33 Yara detected Dridex unpacked file 2->33 35 2 other signatures 2->35 7 loaddll32.exe 13 2->7         started        process3 signatures4 39 Detected Dridex e-Banking trojan 7->39 10 cmd.exe 1 7->10         started        12 rundll32.exe 7->12         started        15 rundll32.exe 7->15         started        17 rundll32.exe 7->17         started        process5 signatures6 19 rundll32.exe 12 10->19         started        41 Detected Dridex e-Banking trojan 12->41 process7 dnsIp8 23 174.128.245.202, 443, 49743, 49750 ST-BGPUS United States 19->23 25 51.83.3.52, 13786, 49753, 49761 OVHFR France 19->25 27 69.64.50.41, 49763, 49769, 49778 AS-30083-GO-DADDY-COM-LLCUS United States 19->27 37 System process connects to network (likely due to code injection or exploit) 19->37 signatures9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 23:44:11 UTC
AV detection:
9 of 45 (20.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kdgvjmgcxez76o3zzlcg4vhhjpcfznpw6rvbihgyo6s3asqpm4vq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
30b6438b14eac5337f6d0f81997a4fce356611fc19155ae3650d5df21e894e74
Dridex
48df40524456a981de9356a9b89ecfded629e931b85e9f8519effb9d4079379c
Dridex
8243d4138835db46bef1051fd0b396a110968deb97078b07fbd6ab60b6cc3bc3
Dridex
96b51e628389b4044eb4c4d262deadbcfa778db13a7768ab7806b0e1f81d2ebf
Dridex
ac152e73957a8cb702eb7f18bb38e2bf92e4702e108ac71d403b829600b2029f
Dridex
b6ab389440b4a038ffde4ca381640a0bd982f8e970bcffdbe82629c0ae395ca7
Dridex
b6bd8479ef5943eaf26efdcda11ab09bf0569ad2295ba905fc0901511ca7c286
Dridex
ca93714ecbd8d40896d6c4c49cda2fc03750ebf334a26418ef960571006d8b5c
Dridex
de81f923ca4c12378688a8e26fbb0ec11d69d35f509cff7815fd3d4bc9bb0f59
Dridex
f4aaca975059e9bd029b5f7b0e7089eef5422aae9c676ab160467ef3424afd2b
Dridex
+ 871 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion trojan
Link:
https://tria.ge/reports/211014-cjex8sffg6/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex
Malware Config
C2 Extraction:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Unpacked files
SH256 hash:
59103e7eaeeca085c1e0031b99b87f002e783bf5853da742a478fdffcdf8f8fa
MD5 hash:
8dcf0a4e36b4cf1c75c93d4f4a716eee
SHA1 hash:
edb8abe0f1ab47346478fee25b28c45313273e89
Link:
https://www.unpac.me/results/77f32443-7431-4d6a-b2eb-43c8daea99d1/
SH256 hash:
50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b
MD5 hash:
b39e2d4ed0d4f9e27f33a431f6cf8a9b
SHA1 hash:
3551902ce8b340a1bd834a68e4044f7bfd9f8683
Link:
https://www.unpac.me/results/77f32443-7431-4d6a-b2eb-43c8daea99d1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 50cd54b0c2b933ff3b79cac46e54e74bc45cb5f6f46a141cd877a5b04a0f672b

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1674108/
  
URLhaus
https://urlhaus.abuse.ch/url/1675933/
Cape
Cape
https://www.capesandbox.com/analysis/197394/

Comments


Avatar
zbet commented on 2021-10-14 02:06:03 UTC

url : hxxp://carabaillo.ottimosoft1.com/c78zdj.jpg