MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72d14b5dbeb6122616375a565b069cb2ef855fc5f581eddc6851d9bda1ed0974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72d14b5dbeb6122616375a565b069cb2ef855fc5f581eddc6851d9bda1ed0974
SHA3-384 hash: 06e5d72ddf38ae1ba58399784e862cbb0d1aca902a3883b37b3eef216284765758e62bee870e90cc50d495d2110caa18
SHA1 hash: 32376d51c297c0d3fec7c98d5b1bcfb2a5917468
MD5 hash: 1dbbce7b3bf66574b877d33326c17f02
humanhash: michigan-hot-quebec-juliet
File name:vapirum409.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:321'536 bytes
First seen:2020-06-30 05:46:50 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash eb1a69e1836bef0dcd422a8753d813f0 (1 x Dridex)
ssdeep 6144:SUm+fu4a7F59VNb8arKsuzzXUFjFBaEzT7ZorNjHVNdAc/0:SUm+fw779jb88T0zoFlzipdf0
Threatray 59 similar samples on MalwareBazaar
TLSH 1864CF1276C1D575C49742B09EA9E2FA8AFCFC60DE208C9337C85F8F6B215D09639762
Reporter JAMESWT_WT
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/16781/
Detection(s):
SecuriteInfo.com.Win32.Kryptik.HEMZ.6935.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/72d14b5dbeb6122616375a565b069cb2ef855fc5f581eddc6851d9bda1ed0974/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 17:42:18 UTC
File Type:
PE (Dll)
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oliuwxn6wyjcmfrxljlfwbu4wlxykx6f6wa63xdikhm33ipnbf2a._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1ff4c95e6cfadea75c82c76a1adc24e0c570d0a3c6dd423c22c5d00e0eb343a5
Dridex
87386671fde0711dec82c78b3517858e4c86bbeac6854bcb8b541fc8a71d5425
Dridex
8f587faf3a428d68d8e1215171e47f12c72800b48058f516e4f5d176d6e43625
Dridex
9383f31f7bc24ff78b9b021ad004b5ea5d782dc86f11aa7b9f636ddd214223d0
Dridex
957b1e8b7308eb577f784e30e88ec055739300e59300b0bf61a5a3d78aedfb8f
Dridex
9dd7c421939c2618ca5fa163cf9688a64954f23252d67655bae0005f495f45e8
Dridex
a01539a9b0e994cce7c65347149bf99a2cfbc5a262472fef6ea53e5bbbe01d66
Dridex
b66a5d391335b6dc827225b6531f172151d8a87c7514de789bcaf1999b0645ff
Dridex
c6de2ef240cdca97e8d5d6fdcfc7bfd8d5c81a47204d268bd08e4b963d66a64b
Dridex
d6d737cec7b0cacc3ddcd3e6d2a8d40adbbd95e9676aabaf80b1e2120e04a89d
Dridex
+ 49 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion trojan discovery
Link:
https://tria.ge/reports/200630-nqczvs9nwx/
Behaviour
Suspicious use of WriteProcessMemory
Checks whether UAC is enabled
Checks for installed software on the system
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 72d14b5dbeb6122616375a565b069cb2ef855fc5f581eddc6851d9bda1ed0974

(this sample)

  
Link
https://bentorium.com/vapirum409.dll
Cape
Cape
https://www.capesandbox.com/analysis/16781/
  
URLhaus
https://urlhaus.abuse.ch/url/403305/
  
Delivery method
Distributed via web download

Comments