MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60586b7211948ea1df291d62660445cfe231230b6a2063c78596a57651067720. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60586b7211948ea1df291d62660445cfe231230b6a2063c78596a57651067720
SHA3-384 hash: 9e917ec2f18dda6566eaf003953fa18a49086ba9c1a885de07fc9a4d163fba177475f01290dafdaba1bfa7c7dc3a4736
SHA1 hash: 2d968f48658e51a93b1a7ad768b6705046638975
MD5 hash: 5b4de46aee52cf976a7f5b417f58c04c
humanhash: minnesota-idaho-beryllium-saturn
File name:5b4de46aee52cf976a7f5b417f58c04c.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:335'872 bytes
First seen:2020-09-08 07:41:26 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash a9dcba22e49d69dd17ae0f6b7ed41420 (8 x Dridex)
ssdeep 6144:f65QdB7ab5FaBYA3JBaUH/kOyQ1SDofgEcwY1KEcyk1emcwQ3oj:f6Cveb5FaP1HTyQ14ugjXKjveF
TLSH 3464D001BBE99084F3BB2BB0D8B73199173E3EDFC4F59A2C5A040D5D1CB5B525894BA2
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
164
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34489458.30900.1870.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/60586b7211948ea1df291d62660445cfe231230b6a2063c78596a57651067720/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-09-07 22:40:58 UTC
File Type:
PE (Dll)
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbmgw4qrsshkdxzjdvrgmbcfz7rdciylniqghr4fs2sxmuigo4qa._file
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
botnet loader family:dridex
Link:
https://tria.ge/reports/200908-xcrzap1vla/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60586b7211948ea1df291d62660445cfe231230b6a2063c78596a57651067720

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 60586b7211948ea1df291d62660445cfe231230b6a2063c78596a57651067720

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/455319/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/455323/
  
URLhaus
https://urlhaus.abuse.ch/url/455333/
  
URLhaus
https://urlhaus.abuse.ch/url/455335/
  
URLhaus
https://urlhaus.abuse.ch/url/455346/
Cape
Cape
https://www.capesandbox.com/analysis/57817/

Comments