MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d
SHA3-384 hash: ef1c5ef45e8f2b64df1e9ebd3528e36abbee2878a8f4b505c6d2a5b602c7e3435a09735d1fa95ffae1ef4e8c14a13ecf
SHA1 hash: 8035dbe38ab7cba944ec9435dcf5e6089fa80440
MD5 hash: f87302b39fcf6c96995e1ceba8ae45c7
humanhash: california-hot-lake-happy
File name:5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d
Download: download sample
Signature Dridex
Create hunting rule
File size:382'464 bytes
First seen:2021-03-23 06:48:41 UTC
Last seen:2021-03-23 09:11:09 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 5383492b5e907d0dc6a11002282063a4 (13 x Dridex)
ssdeep 6144:iazDDMR7/G47LrVk7gGKLtfV55dgbjPdU1eSWbj8:iiAR7/GkOnkttGdU1el8
Threatray 602 similar samples on MalwareBazaar
TLSH FB84BF3160D1C769D243A9378874B6579FE9ECF4667880CFDFD268BF46348D0663888A
Reporter Cryptolaemus1
Tags:10444 Dridex


Avatar
Cryptolaemus1
Dridex 10444

Intelligence

File Origin
# of uploads :
2
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/126425/
Detection(s):
SecuriteInfo.com.Variant.Zusy.373068.21870.11386.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/649438
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 373677 Sample: SRH2EHlixv Startdate: 23/03/2021 Architecture: WINDOWS Score: 76 19 103.18.108.116 NET1-AS-APNetVirtuePtyLtdAU Australia 2->19 21 37.247.35.130 NEDZONE-ASNL Netherlands 2->21 23 210.65.244.179 HINETDataCommunicationBusinessGroupTW Taiwan; Republic of China (ROC) 2->23 25 Found malware configuration 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected Dridex unpacked file 2->29 31 2 other signatures 2->31 8 loaddll32.exe 1 2->8         started        signatures3 process4 process5 10 rundll32.exe 8->10         started        13 cmd.exe 1 8->13         started        15 rundll32.exe 8->15         started        signatures6 33 Found potential dummy code loops (likely to delay analysis) 10->33 17 rundll32.exe 13->17         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d/
Threat name:
Win32.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2021-03-23 06:49:07 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
0528e47420092ceebddda93b66960bcbc35151a367ef20b6f5827e60c2522d98
Dridex
0fc859cdbabed7b248622618449f5876e9f1808d9fd547fd42f60a0a52e06618
Dridex
41c7eb49c7cf4244feae8e17fcd8842fb7bea51c29c68707d941cd068d25a8ca
Dridex
45b182301b171044076a9083f6aad0019937c3816d97d686d75d2f777c4fbd19
Dridex
5dbe134246056fa0a93ba44c492d4a21bc0a2366a5f00b2e090d132d04d63a1f
Dridex
61253883f2cbdebcdc0cd51556d98435a5966b1ecb02a3c52a1f083a466157d8
Dridex
64aae4d3fc7d534bfa4a47dafa50a0f9e59770bda9e8e8e90f21faee2526c680
Dridex
ace691c336e0c9a311681ccd4768d52feacc30e13e667ee577a590bff837caa9
Dridex
cc73ac7d10f057f1d32e907dcc5dcd88c8b3067e151e58b64d60f12d15353a69
Dridex
f63e56f814ec286a5fb824307c2ef8e61c516855ef5efa1a0799cfe2e95d3b8b
Dridex
+ 592 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/210323-bp6nkeqq8x/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
210.65.244.179:443
37.247.35.130:6601
103.18.108.116:6601
Unpacked files
SH256 hash:
f517f8b8ee0d93d35d38aeb7ed0bdc530c254ac3fd8c676d7c4537f6038b16bc
MD5 hash:
cf1b354521ea92b6a2da74d05db874cf
SHA1 hash:
0825807f5ad193e8750ab94e7f49348d4bf1634b
Link:
https://www.unpac.me/results/a1ab7467-97f9-450d-9871-f3735569aa33/
SH256 hash:
5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d
MD5 hash:
f87302b39fcf6c96995e1ceba8ae45c7
SHA1 hash:
8035dbe38ab7cba944ec9435dcf5e6089fa80440
Link:
https://www.unpac.me/results/a1ab7467-97f9-450d-9871-f3735569aa33/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 5318e37342a182a4e56633079a85c630ac8a0ce43b3567d2b00d3b6d2355d91d

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/126425/
  
URLhaus
https://urlhaus.abuse.ch/url/1084052/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1084548/
  
URLhaus
https://urlhaus.abuse.ch/url/1084031/
  
URLhaus
https://urlhaus.abuse.ch/url/1085547/
  
URLhaus
https://urlhaus.abuse.ch/url/1085548/
  
URLhaus
https://urlhaus.abuse.ch/url/1085559/
  
URLhaus
https://urlhaus.abuse.ch/url/1084554/
  
URLhaus
https://urlhaus.abuse.ch/url/1084015/
  
URLhaus
https://urlhaus.abuse.ch/url/1084017/
  
URLhaus
https://urlhaus.abuse.ch/url/1084010/
  
URLhaus
https://urlhaus.abuse.ch/url/1084018/
  
URLhaus
https://urlhaus.abuse.ch/url/1084558/
  
URLhaus
https://urlhaus.abuse.ch/url/1084571/
  
URLhaus
https://urlhaus.abuse.ch/url/1084568/
  
URLhaus
https://urlhaus.abuse.ch/url/1084043/
  
URLhaus
https://urlhaus.abuse.ch/url/1084048/
  
URLhaus
https://urlhaus.abuse.ch/url/1083778/
  
URLhaus
https://urlhaus.abuse.ch/url/1084026/
  
URLhaus
https://urlhaus.abuse.ch/url/1084577/
  
URLhaus
https://urlhaus.abuse.ch/url/1084581/
  
URLhaus
https://urlhaus.abuse.ch/url/1084572/
  
URLhaus
https://urlhaus.abuse.ch/url/1084032/

Comments