MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72
SHA3-384 hash: 90ef1971e8494fd49e1ae3ad78ac121712a7eb180b67a2cf0b197537ac5a9995b733979e208a1000590df4618ffc1b1b
SHA1 hash: 18a05909877ba997e3acda5426d5a28a4159c089
MD5 hash: f3895703410910aa0ef2f7da6a12dd49
humanhash: lactose-single-july-nine
File name:SecuriteInfo.com.Variant.Graftor.981531.21000.9246
Download: download sample
Signature Dridex
Create hunting rule
File size:179'712 bytes
First seen:2021-07-28 18:57:45 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 9451e8b8b1259e622801dd0cdc59802c (11 x Dridex)
ssdeep 3072:cC1Oe6ths2hyT0DzJfN3ZKU3YkmN5Sw4Q2kUl59Pn9ObAAW0f3:cC1Oem/DzJhok45X4HPYb
Threatray 4'703 similar samples on MalwareBazaar
TLSH T15704C08FC297C9F8EC62063C1917911B1668BC024F3DEE7BC6C6D92DC748D68486EA5D
Reporter SecuriteInfoCom
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
148
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/174825/
Detection(s):
SecuriteInfo.com.Variant.Graftor.981531.21000.9246.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/9bd40a6f-d4f8-4b37-bcee-6824849a90df
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/823343
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found PHP interpreter
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 455752 Sample: SecuriteInfo.com.Variant.Gr... Startdate: 28/07/2021 Architecture: WINDOWS Score: 76 17 104.248.178.90 DIGITALOCEAN-ASNUS United States 2->17 19 173.212.243.155 CONTABODE Germany 2->19 21 46.55.222.10 BALCHIKNETBG Bulgaria 2->21 23 Found malware configuration 2->23 25 Multi AV Scanner detection for submitted file 2->25 27 Yara detected Dridex unpacked file 2->27 29 3 other signatures 2->29 9 loaddll32.exe 1 2->9         started        signatures3 process4 process5 11 cmd.exe 1 9->11         started        process6 13 rundll32.exe 11->13         started        process7 15 WerFault.exe 23 9 13->15         started       
Gathering data
Threat name:
Win32.Trojan.Drixed
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 14:01:04 UTC
AV detection:
22 of 46 (47.83%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
doppeldridex
Create hunting rule
dridex
Create hunting rule
Similar samples:
0893622b4cc79e8ab24242dc4b5fc2640accb0170ca99c91643ba3b2f89a80a7
Dridex
0b32835f121d563857dc69b69ddfdd56dbd6ce93d7d6dce074891cf1c16e96e5
Dridex
0eada128b45a683c41d6da28fe1aa1be6b8bce3e3934c95d98f75e1c33639eed
Dridex
1d494dd45497f3eb51817013dcd072da86410233e75f296a5840567740691b64
Dridex
abafe8306d007ef0c693fdac39cec74d01fd0c31d7e9eeb9c9aae1dcfb279db6
Dridex
cc2225427a9465620f4fb894cb999802c7aaaf2703d4aab275fb49d8774171e2
Dridex
f034db216df8d2e4b49cdfeae61e367c021d40458433f2af1068db8a9823d7d9
Dridex
f41f8a10bb34e70b9b6299b97008a996c11ea663546aa491dac882a63038ec3c
Dridex
f8c56a2e79f9c648130668de931327b8fbd66059aed2e889a5189f916cd51cc0
Dridex
fe8ad836bd93823a5bd495e56bc54f7f57db0bba46c0662bcd6ae87b42eb3555
Dridex
+ 4'693 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:22201 botnet loader
Link:
https://tria.ge/reports/210728-8p8hqy2cf2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Suspicious use of NtCreateProcessExOtherParentProcess
Malware Config
C2 Extraction:
46.55.222.10:443
104.248.178.90:4664
173.212.243.155:7002
Unpacked files
SH256 hash:
084a05f98389073e3cb0c1ada80790bc93785dd5b0f22c436c9e6d24b9c5a63a
MD5 hash:
95ddda041930b7b0ff199eb628335443
SHA1 hash:
fbaeeba2510a7e6e2c031ac90c9ca1e07dde6301
Detections:
win_doppeldridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/a5ca6cd0-dea5-4cf6-be37-892d0c7b0943/
SH256 hash:
0ea1c6d243f0bb670cfee8f0b14a228a3bfe53478fd40cdf85641ce1204993a8
MD5 hash:
dd9abed0e3b3abde98e6f5924541df1c
SHA1 hash:
555773056834ecf4b8d5e766c5ea445c00b3c9b8
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/a5ca6cd0-dea5-4cf6-be37-892d0c7b0943/
Parent samples :
f8c56a2e79f9c648130668de931327b8fbd66059aed2e889a5189f916cd51cc0
f034db216df8d2e4b49cdfeae61e367c021d40458433f2af1068db8a9823d7d9
f41f8a10bb34e70b9b6299b97008a996c11ea663546aa491dac882a63038ec3c
cc2225427a9465620f4fb894cb999802c7aaaf2703d4aab275fb49d8774171e2
0eada128b45a683c41d6da28fe1aa1be6b8bce3e3934c95d98f75e1c33639eed
1d494dd45497f3eb51817013dcd072da86410233e75f296a5840567740691b64
abafe8306d007ef0c693fdac39cec74d01fd0c31d7e9eeb9c9aae1dcfb279db6
0893622b4cc79e8ab24242dc4b5fc2640accb0170ca99c91643ba3b2f89a80a7
fe8ad836bd93823a5bd495e56bc54f7f57db0bba46c0662bcd6ae87b42eb3555
0b32835f121d563857dc69b69ddfdd56dbd6ce93d7d6dce074891cf1c16e96e5
688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72
SH256 hash:
688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72
MD5 hash:
f3895703410910aa0ef2f7da6a12dd49
SHA1 hash:
18a05909877ba997e3acda5426d5a28a4159c089
Link:
https://www.unpac.me/results/a5ca6cd0-dea5-4cf6-be37-892d0c7b0943/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 688bc9341860e2f04f307f162f71a628896bc6ca9fa200be54eee05a4b69cb72

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1487670/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/174825/
  
URLhaus
https://urlhaus.abuse.ch/url/1489219/

Comments