MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53ce752aa18d36320fc8a1c0fa6993dc866416bccc613a4fef80f2427d224824. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 11



SHA256 hash: 53ce752aa18d36320fc8a1c0fa6993dc866416bccc613a4fef80f2427d224824
SHA3-384 hash: 8081066f5ceb152600f0c5914b67e7ec562b293f20820331b65eae94b2f7c101f3fe12a850bda81068c0bd005b81ee97
SHA1 hash: f117cff3c0faebc00edf9e53494f110d204d6b7a
MD5 hash: aafaeb157be3e6f9250b324d55acfed2
humanhash: vegan-lion-mockingbird-vermont
File name: aafaeb157be3e6f9250b324d55acfed2.exe
Signature: Dridex
File size: 732'672 bytes
First seen: 2021-08-20 05:41:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 86360006ae3e568402cb51af35d0bc4c (1 x Dridex)
ssdeep: 12288:FM+ZdkmHubeaCo6Vyg2A/sUQBJ8zSVacsb0z:FMcpTo6P0BOmkc1
Threatray: 835 similar samples on MalwareBazaar
TLSH: T12DF4DF1267ADD658C8ADFE31DCE596B28363FC215EB0655B3B40391A3831B620DDC72E
dhash icon: e89662496dbb96e8 (1 x Dridex)
Reporter: abuse_ch
Tags: Dridex exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 138
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: aafaeb157be3e6f9250b324d55acfed2.exe
Verdict: Malicious activity
Analysis date: 2021-08-20 05:45:18 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Connection attempt
Sending a custom TCP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: bank.troj.evad
Score: 88 / 100
Signature
C2 URLs / IPs found in malware configuration
Detected Dridex e-Banking trojan
Detected unpacking (changes PE section rights)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Qshell
Status: Malicious
First seen: 2021-08-14 19:05:30 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:10111 botnet discovery evasion trojan
Behaviour
Checks installed software on the system
Checks whether UAC is enabled
Dridex Malware Config
C2 Extraction:
50.116.62.25:8194
144.76.85.240:9043
185.143.48.16:7443
Unpacked files
SHA256 hash: f478f6af1d75d9828f9c91f871f7659b54dc1f045ad368a4e2f63d1f66cf939f
MD5 hash: e8b3d91e64348ea7dd1562f3479120ec
SHA1 hash: b2df16b05165ce8328f9b1838ce9eae364555377

SHA256 hash: 53ce752aa18d36320fc8a1c0fa6993dc866416bccc613a4fef80f2427d224824
MD5 hash: aafaeb157be3e6f9250b324d55acfed2
SHA1 hash: f117cff3c0faebc00edf9e53494f110d204d6b7a
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: DridexLoader
Author: kevoreilly
Description: Dridex v4 dropper C2 parsing function

Rule name: dridex_halo_generated
Author: Halogen Generated Rule, Corsin Camichel

Rule name: win_dridex_loader_v2
Author: Johannes Bader @viql
Description: detects some Dridex loaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.
