MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50ce64c36ae7338663d3adbfe1d28679513dcf1ff4ff0355d867c1ff4ea7ead3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 50ce64c36ae7338663d3adbfe1d28679513dcf1ff4ff0355d867c1ff4ea7ead3
SHA3-384 hash: 3064b73f483f07f3a34135233e97e1bb731abb36261001c151d29cd15ebf7107919291dbfd7aaedb401bc563f68e4689
SHA1 hash: 60f75ac91464218758194f01732601076133d1e8
MD5 hash: 46852d53b7c4fad18feb5b45d43c0a96
humanhash: alabama-jupiter-triple-fruit
File name: 2020-06-22-initial-Dridex-DLL-retrieved-by-spreadsheet-macro.bin
Signature: Dridex
File size: 380'928 bytes
First seen: 2020-06-26 08:45:01 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 0eaa5595d00b47de011282d15edb531f (3 x Dridex)
ssdeep: 6144:jLSSU2zp6nAB6E0Xq3hbjV1Jj6vMRU/YbAk5bFL8c5HQ70GZqGIOkqcjxNxb19:XSwzpP26PmjQbptUbgqS7xJ9
Threatray: 29 similar samples on MalwareBazaar
TLSH: 2D84D001BE91C07AE666623B8D61CA74637DFDC41B3418E736C40F8BF62A2D14B31766
Reporter: JAMESWT_WT
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-06-26 08:10:37 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: evasion trojan discovery
Behaviour:
Suspicious use of WriteProcessMemory
Checks whether UAC is enabled
Checks for installed software on the system
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
