MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6006ab5e4fbab4d984c251d0b683040058df4ba02c51af93049617c17bb9586e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 9

SHA256 hash: 6006ab5e4fbab4d984c251d0b683040058df4ba02c51af93049617c17bb9586e
SHA3-384 hash: 8ce61def5c2f6ae1790c61d5d94ecb0e2d6bdaf5f3894ba193acbeee621c60e5a8a15bb584364985a9cc1b9bcb1da087
SHA1 hash: f18ef60e21b7635dbc1a56213facda40791d5e7b
MD5 hash: 9544eb3037edadd82bd4c0445fbac415
humanhash: asparagus-winner-crazy-pizza
File name: 9544eb3037edadd82bd4c0445fbac415
Signature: Dridex
File size: 524'288 bytes
First seen: 2021-12-20 17:43:57 UTC
Last seen: 2021-12-21 13:59:13 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 5ad3b93adc2f9b7a31e634988c069f77 (85 x Dridex)
ssdeep: 12288:12cK4kV9W/k7MNKABzMyLi8E6+DnOM2Swyuhn:UkMs9
Threatray: 5'725 similar samples on MalwareBazaar
TLSH: T154B4AF92960F6767E43C32B3E8E36436AB434F280DD4BDE5BA00764F733D498649D686
Reporter: zbetcheckin
Tags: 32 dll Dridex exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 149
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour: DNS request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph (ID 542971, sample 0RMz74QnNK, start date 20/12/2021, architecture WINDOWS, score 80): loaddll32.exe starts cmd.exe and rundll32.exe; cmd.exe starts a second rundll32.exe; both rundll32.exe processes end in WerFault.exe. Signatures on the graph: Found malware configuration, Multi AV Scanner detection for submitted file, Yara detected Dridex unpacked file, Tries to delay execution (extensive OutputDebugStringW loop), 3 other signatures. Network nodes: 89.31.56.58 (UNITHOST-ASNL, Netherlands), 51.159.52.196 (OnlineSASFR, France), 2 other IPs or domains, 192.168.2.1 (unknown).
Threat name: Win32.Trojan.KryptikAGen
Status: Malicious
First seen: 2021-12-20 17:44:14 UTC
File Type: PE (Dll)
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:22203 botnet loader
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.159.52.196:443
134.209.247.135:6602
194.233.68.48:5228
89.31.56.58:593
Unpacked files
SHA256 hash: 6006ab5e4fbab4d984c251d0b683040058df4ba02c51af93049617c17bb9586e
MD5 hash: 9544eb3037edadd82bd4c0445fbac415
SHA1 hash: f18ef60e21b7635dbc1a56213facda40791d5e7b
Malware family:
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Malware family: Dridex
File: DLL dll 6006ab5e4fbab4d984c251d0b683040058df4ba02c51af93049617c17bb9586e (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2021-12-20 17:43:58 UTC

url: hxxp://csminas.ddns.net/YQ8/SHnfDvhKBJfqkkklgbtq.bin