MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ae258cd945721e699415cd0c590dfd63080ad5f7cc59154cebb7ac74474960f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 5


SHA256 hash: 5ae258cd945721e699415cd0c590dfd63080ad5f7cc59154cebb7ac74474960f
SHA3-384 hash: 23c5faf90fe9257c9d12eaaf95aaf4d25b0e0db289ee5dae352db8d56a329f43ff21663d8366b4397ddabe5b78705a73
SHA1 hash: 8a607c177aba815c9e2dd08dbf3435570f368c37
MD5 hash: b57bab9766de5f46a24e9c31eaa6ab75
humanhash: cold-arizona-emma-idaho
File name: a9jlwkgzip
Signature: Dridex
File size: 1'670'656 bytes
First seen: 2020-10-29 13:54:31 UTC
Last seen: 2020-11-05 22:13:14 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 679b4c2926bdb1d6dd9e2a0688788909 (1 x Dridex)
ssdeep: 49152:KE0PnFtXHl90vsCfC4WZ93FfUWyFFmi+Y+0KPS:30PFtLFz3dUve
Threatray: 3 similar samples on MalwareBazaar
TLSH: 9575F1627692D078C1638139CE88E9FE871ABD16DF24199735C43F6F3A3A4610F39B16
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour:
Behavior Graph: (image not included in this export)

Threat name: Win32.Trojan.Drixed
Status: Malicious
First seen: 2020-10-28 18:35:00 UTC
File Type: PE (Dll)
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet discovery evasion loader trojan
Behaviour:
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.55:443
51.254.163.104:1688
165.22.65.75:3388
103.41.110.115:33443
Please note that we are no longer able to provide a coverage score for VirusTotal.
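The C2 endpoints extracted from this sample are the most directly actionable indicators on this page. The Python below is an added example (not MalwareBazaar's code) that parses that list and matches it against firewall log lines; the key=value log format, the field names and the internal 10.0.4.x hosts are constructed for illustration and are assumptions, not anything from the entry. Two points a practitioner wants built in: match on the full ip:port pair, but also surface IP-only hits separately, because a host talking to a listed C2 address on a different port still deserves a look; and a denied connection is still a beacon attempt from the source host, so it is not filtered out. These addresses were extracted in October 2020 and hosting gets reassigned, so treat a hit as a lead to confirm against the host-based behaviour listed above (WriteProcessMemory use, UAC checks), not as proof of infection.

```python
"""Added example: match this entry's Dridex C2 list against log lines.

Not MalwareBazaar's code. The log format and hosts below are constructed
for the example; adapt LOG_RE to your own proxy/firewall export.
"""
import ipaddress
import re
from collections import namedtuple

# C2 endpoints exactly as listed under "C2 Extraction" on this page.
DRIDEX_C2 = """
77.220.64.55:443
51.254.163.104:1688
165.22.65.75:3388
103.41.110.115:33443
"""

Endpoint = namedtuple("Endpoint", "ip port")


def parse_c2_list(text):
    """Turn 'ip:port' lines into a set of Endpoint(ip, port).

    The IP is validated so a malformed line raises ValueError instead of
    silently producing an indicator that can never match.
    """
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, _, port = line.rpartition(":")
        ipaddress.ip_address(ip)  # raises on garbage
        endpoints.add(Endpoint(ip, int(port)))
    return endpoints


# Constructed firewall log lines (assumption: key=value, one event per line).
# Line 4 reaches a listed C2 host on a non-listed port; line 5 was denied.
SAMPLE_LOG = """\
ts=2020-10-29T14:02:11Z src=10.0.4.17 dst=77.220.64.55 dport=443 proto=tcp action=allow
ts=2020-10-29T14:02:15Z src=10.0.4.17 dst=142.250.74.78 dport=443 proto=tcp action=allow
ts=2020-10-29T14:03:40Z src=10.0.4.23 dst=51.254.163.104 dport=1688 proto=tcp action=allow
ts=2020-10-29T14:04:02Z src=10.0.4.17 dst=51.254.163.104 dport=443 proto=tcp action=allow
ts=2020-10-29T14:05:19Z src=10.0.4.31 dst=103.41.110.115 dport=33443 proto=udp action=deny
"""

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def find_c2_hits(log_text, endpoints):
    """Return (exact, ip_only) lists of (line_no, src, Endpoint).

    exact   : destination ip:port is a listed C2 endpoint.
    ip_only : destination IP is a listed C2 host but on another port;
              reported separately so it is triaged, not ignored.
    Denied connections are kept: the attempt itself is the signal.
    """
    exact, ip_only = [], []
    c2_ips = {e.ip for e in endpoints}
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        dst = Endpoint(m["dst"], int(m["dport"]))
        if dst in endpoints:
            exact.append((n, m["src"], dst))
        elif dst.ip in c2_ips:
            ip_only.append((n, m["src"], dst))
    return exact, ip_only


if __name__ == "__main__":
    c2 = parse_c2_list(DRIDEX_C2)
    exact, ip_only = find_c2_hits(SAMPLE_LOG, c2)
    for n, src, dst in exact:
        print(f"line {n}: {src} -> {dst.ip}:{dst.port}  C2 MATCH")
    for n, src, dst in ip_only:
        print(f"line {n}: {src} -> {dst.ip}:{dst.port}  C2 host, other port")
```

On the constructed input this flags lines 1, 3 and 5 as exact C2 matches and line 4 as an IP-only hit; the sources 10.0.4.17, 10.0.4.23 and 10.0.4.31 are the hosts to pull for the process-level indicators this entry lists.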

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_dridex_loader_v2
Author: Johannes Bader @viql
Description: detects some Dridex loaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL
SHA256: 5ae258cd945721e699415cd0c590dfd63080ad5f7cc59154cebb7ac74474960f (this sample)
