MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bc58bd0e44cf01c7df342f2b6e86a0eca08e399fb89f8d3ae73d7a7c973bf35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 6



SHA256 hash: 5bc58bd0e44cf01c7df342f2b6e86a0eca08e399fb89f8d3ae73d7a7c973bf35
SHA3-384 hash: aee86833c47d1370b7075b001051acaf1390cc1057b117dd1a4975e34ef5713c464e65fcf620c90b2d9db5cff0c0225b
SHA1 hash: 9ceab7b121c898775ed167f590b70f19b770a28a
MD5 hash: 57c129d9c95c290ccd4929cd311d8a09
humanhash: maine-alpha-triple-nitrogen
File name: 57c129d9c95c290ccd4929cd311d8a09.dll
Signature: Dridex
File size: 338'549 bytes
First seen: 2020-11-07 07:33:52 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 6144:S3s9vfpA09TUZiYWpcl8Yte2YMnnWZI8VQ3SSOED1nUmhMwHpId7XGn:Sc9vDhUZiYWpcl80YMnv3YERntMwHpqO
Threatray: 34 similar samples on MalwareBazaar
TLSH: 4B742A06FBC40E77C9CB3176C4591177827BEE9507A5FA0357B9B948DAB13E93B20A02
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-11-07 07:35:06 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 5bc58bd0e44cf01c7df342f2b6e86a0eca08e399fb89f8d3ae73d7a7c973bf35
MD5 hash: 57c129d9c95c290ccd4929cd311d8a09
SHA1 hash: 9ceab7b121c898775ed167f590b70f19b770a28a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 5bc58bd0e44cf01c7df342f2b6e86a0eca08e399fb89f8d3ae73d7a7c973bf35

(this sample)

  
Delivery method
Distributed via web download

Comments