MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57efc1dfb758d4ed2c550e44ac01e93c71d2eaf7b0d8b4b7fd364d6f5069d9e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8



SHA256 hash: 57efc1dfb758d4ed2c550e44ac01e93c71d2eaf7b0d8b4b7fd364d6f5069d9e8
SHA3-384 hash: 3bdfdd245c55d4ee4fb088bb30f5d745e12ec1eeb02e5f4256e9e13de602307c1e92fe7b4445224c8cf4beccdfd84456
SHA1 hash: a5b419e570136866d793d51bc498731aa51edbe6
MD5 hash: 95cc84b83fe02e3b970397634b300816
humanhash: kentucky-football-stream-triple
File name: 57efc1dfb758d4ed2c550e44ac01e93c71d2eaf7b0d8b4b7fd364d6f5069d9e8
Signature: Dridex
File size: 282'624 bytes
First seen: 2020-11-30 13:43:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 32052ab5fa2fb84174ff06f09d0e5a64 (1 x Dridex)
ssdeep: 6144:dytBFn2yUMVlmPR6bBre2XjBH77SAhEy:MLFnX5VwR81HXjBbFh
Threatray: 185 similar samples on MalwareBazaar
TLSH: 6A541225F0AD61AEFE835B3C459996778428013392048F0FE5CAAC45B87D8C795ADF2F
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a window

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: bank.evad
Score: 96 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected Dridex e-Banking trojan
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-10-02 02:15:07 UTC
File Type: PE (Exe)
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet discovery evasion loader trojan
Behaviour
Checks installed software on the system
Checks whether UAC is enabled
Dridex Loader
Dridex
Malware Config
C2 Extraction:
178.62.189.250:443
217.79.184.243:33443
195.159.28.230:4443
Unpacked files
SHA256 hash: 098a1e67a7b440d70b11785e9d346fc127a19a127c6f88a724da66263476a6a0
MD5 hash: fca3797c7971b077f75836394107c6a1
SHA1 hash: 45129113fe7b94decae4e41ab358218ff0615944
SHA256 hash: 57efc1dfb758d4ed2c550e44ac01e93c71d2eaf7b0d8b4b7fd364d6f5069d9e8
MD5 hash: 95cc84b83fe02e3b970397634b300816
SHA1 hash: a5b419e570136866d793d51bc498731aa51edbe6
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar and against any suspicious process dumps those samples create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: win_dridex_loader_v2
Author: Johannes Bader @viql
Description: detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments