MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 6

SHA256 hash: 62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a
SHA3-384 hash: 9ae52e54f9dedccf5be2a38c8b29c17720e7816551e7315fd250e21620e56a18c10fae9a7f22f8b2dafbc1a13a519810
SHA1 hash: bc69b993758cd7bc556b5cbb33c6066933692f4c
MD5 hash: c31b87a602e073c23ab09bb39429f0ba
humanhash: north-magnesium-zulu-north
File name: nfO6vyCm.dll
Signature Dridex
File size: 159'744 bytes
First seen: 2020-11-30 23:53:52 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: d018da091368ddf894984e8df4922b17 (3 x Dridex, i.e. shared by three Dridex-tagged samples in the database)
ssdeep: 3072:s04MGfObYfRcmyT79rK3WLLnjsIMU8Tr5XgRq:s04MepcmyT7w3WLBMU8xX
TLSH: EAF3D08422606CF3C3B25F325213BB2AF9B5AC0E8916DB45CACE3DB5DBDD1841516E1D
Reporter: Anonymous
Tags: Dridex
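Before handling a copy of this sample, confirm it is the file the entry describes. The script below is an added example (not MalwareBazaar's code): it computes the same four digests the entry lists (MD5, SHA1, SHA256, SHA3-384) in one pass, checks the listed file size and the presence of an MZ/PE header, and reports every mismatch against the values copied from this page. The local file name `nfO6vyCm.dll` used in the `__main__` block is an assumption; the sample itself is not included here.

```python
import hashlib
import sys

# Digests copied from this MalwareBazaar entry (SHA256 62c45e44...).
EXPECTED = {
    "md5": "c31b87a602e073c23ab09bb39429f0ba",
    "sha1": "bc69b993758cd7bc556b5cbb33c6066933692f4c",
    "sha256": "62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a",
    "sha3_384": "9ae52e54f9dedccf5be2a38c8b29c17720e7816551e7315fd250e21620e56a18c10fae9a7f22f8b2dafbc1a13a519810",
}
EXPECTED_SIZE = 159744  # "File size" from the entry (159'744 bytes)


def digest_bytes(data):
    """Compute every digest named in EXPECTED over the same buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def is_pe(data):
    """Cheap sanity check: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_sample(data, expected=EXPECTED, expected_size=EXPECTED_SIZE):
    """Return (actual_digests, problems). An empty problems dict means the bytes are the listed sample."""
    problems = {}
    if len(data) != expected_size:
        problems["size"] = (expected_size, len(data))
    if not is_pe(data):
        problems["pe_header"] = ("MZ/PE header", "missing")
    actual = digest_bytes(data)
    for name, want in expected.items():
        if actual[name] != want.lower():
            problems[name] = (want, actual[name])
    return actual, problems


def verify_file(path, **kwargs):
    """Read a file from disk (the sample is ~160 KB, so reading it whole is fine) and check it."""
    with open(path, "rb") as f:
        return check_sample(f.read(), **kwargs)


if __name__ == "__main__":
    # Assumed local path: the DLL extracted from the MalwareBazaar download archive.
    target = sys.argv[1] if len(sys.argv) > 1 else "nfO6vyCm.dll"
    digests, problems = verify_file(target)
    for name, value in digests.items():
        print(f"{name:9s} {value}")
    if problems:
        for key, (want, got) in problems.items():
            print(f"MISMATCH {key}: expected {want}, got {got}")
        sys.exit(1)
    print("All digests match the MalwareBazaar entry.")
```

Hash the file as downloaded, before any analysis tool has touched it; a size or digest mismatch means you are looking at a different artefact (a re-packed copy, an unpacked stage, or a corrupted download), and the vendor results on this page no longer apply to it.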

Intelligence

File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness: (no value reported)
Behaviour: Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Signature: Machine Learning detection for sample
Behaviour (Behavior Graph ID 324875, sample nfO6vyCm.dll, start date 01/12/2020, architecture WINDOWS, score 23):
Machine Learning detection for sample
loaddll32.exe started (the sandbox loaded the DLL through loaddll32.exe)
loaddll32.exe started WerFault.exe, twice
Note: WerFault.exe is Windows Error Reporting. Two WerFault launches from the loader process mean the DLL faulted in this run rather than executing its payload, which explains the low 23/100 score from this vendor. Dridex loader DLLs are commonly triggered through a specific export (for example via rundll32 with the right export name and arguments), so a generic load may not reach the malicious code at all.
Result
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-30 23:54:06 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Verdict: unknown
Note: Wacatac is a generic heuristic trojan name rather than a family attribution; the Dridex attribution for this sample rests on the tags, the extracted configuration and the YARA detection listed on this page.

Result
Malware family: (not given)
Score: 10/10
Tags: family:dridex botnet loader
Behaviour:
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction (IP:port):
192.175.111.220:443
64.225.35.35:3098
208.71.173.207:3098
217.79.184.242:4443
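The four endpoints above are the operational output of this entry. The script below is an added example, not MalwareBazaar's or any vendor's tooling: it parses the C2 list exactly as printed, matches it against a few constructed flow records in an assumed "timestamp src_ip src_port dst_ip dst_port proto" layout (not any real product's log format), and emits one Suricata rule per endpoint. The log layout, the sample records, and the SID range are all assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# C2 endpoints exactly as listed in the "C2 Extraction" section of this entry.
C2_RAW = """
192.175.111.220:443
64.225.35.35:3098
208.71.173.207:3098
217.79.184.242:4443
"""


def parse_c2(text):
    """Turn 'ip:port' lines into a set of (ip, port). Malformed lines raise instead of being skipped."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"not an ip:port entry: {line!r}")
        pairs.add((str(ipaddress.ip_address(host)), int(port)))  # ip_address() rejects junk hosts
    return pairs


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    reason: str


def scan_flows(lines, c2_pairs):
    """Match flow records against the C2 list.

    Record layout (assumed for this example): 'ts src_ip src_port dst_ip dst_port proto'.
    An exact (dst_ip, dst_port) match is reported as 'c2_exact'; a listed IP contacted on
    some other port is reported as 'c2_ip_other_port', since operators move ports between
    campaigns and the IP alone is still worth a look."""
    c2_ips = {ip for ip, _ in c2_pairs}
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 6:
            continue
        _ts, src, _sport, dst, dport, _proto = parts[:6]
        if not dport.isdigit():
            continue
        dport = int(dport)
        if (dst, dport) in c2_pairs:
            hits.append(Hit(n, src, dst, dport, "c2_exact"))
        elif dst in c2_ips:
            hits.append(Hit(n, src, dst, dport, "c2_ip_other_port"))
    return hits


def suricata_rules(c2_pairs, base_sid=9000001):
    """Emit one Suricata rule per endpoint. The SID range is a placeholder; fit it to your ruleset."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2_pairs)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex C2 {ip}:{port} (MalwareBazaar 62c45e44...)"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed flow records (not real traffic): one benign HTTPS flow and three worth flagging.
SAMPLE_FLOWS = [
    "2020-12-01T10:00:01Z 10.0.0.15 52344 192.175.111.220 443 tcp",
    "2020-12-01T10:00:05Z 10.0.0.15 52345 93.184.216.34 443 tcp",
    "2020-12-01T10:01:10Z 10.0.0.22 49152 64.225.35.35 3098 tcp",
    "2020-12-01T10:02:00Z 10.0.0.22 49153 208.71.173.207 443 tcp",
]

if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    for hit in scan_flows(SAMPLE_FLOWS, c2):
        print(hit)
    print("\n".join(suricata_rules(c2)))
```

These addresses were extracted in late 2020 and Dridex infrastructure rotates, so use them to search historical flow data and give any resulting block rules an expiry rather than treating the list as permanent. The first endpoint listens on 443, where it sits among ordinary HTTPS traffic, which is why the matcher keys on the IP and port pair rather than on the port alone.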
Unpacked files
SHA256 hash: 62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a (the submitted DLL itself)
MD5 hash: c31b87a602e073c23ab09bb39429f0ba
SHA1 hash: bc69b993758cd7bc556b5cbb33c6066933692f4c

SHA256 hash: 47976e543cbc34572b095fb0940e8fe7bb3fd94ab6f226e5e3a18b22a7ae6647
MD5 hash: 35578f09a0c50d1a36a0b2b29216c22c
SHA1 hash: ed09f3b235d42d8be6cf98f57346a07b64012b91

SHA256 hash: 0cb521c80f53776162118ed7599cd2428d03ef657afed7e113eac8d7e0efc611
MD5 hash: 613ac39b3587e100319733db128eede9
SHA1 hash: ac666c8aadf12da371ddea030627bcc886b7c2fe

Detections: win_dridex_auto (YARA)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments