MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 6



SHA256 hash: 745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455
SHA3-384 hash: 4995db20a54c52430809d058ad609831210d24b506f05d092d2318abbc87fba8bb873068eea2e90f18041ecb38387abd
SHA1 hash: 0d91fd355f9824b232c6423c410cb0a760146563
MD5 hash: 501352dd7db1d943b6ccf838c4ae9b9e
humanhash: black-bacon-michigan-stream
File name: gkd9jtb9zpng
Signature: Dridex
File size: 505'856 bytes
First seen: 2020-11-19 13:29:38 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 12f25ebeed521e2d0259962ab830dd62 (1 x Dridex)
ssdeep: 12288:M0eLT1+Z0UR7mTHScU0hZ3ClBKOuDWytjCWb1yrkgSqRq1K:6T1IR4UwClIOuDDt1yMmq1K
Threatray: 1 similar samples on MalwareBazaar
TLSH: 04B4F101B392C031D4BF0230847DC9D9872D7E514AB49E8772D82B3FAEE76A46165F97
Reporter: JAMESWT_WT
Tags: dll Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 147
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file

Behaviour
Behavior Graph (ID: 320575)
Sample: gkd9jtb9zpng
Start date: 19/11/2020
Architecture: WINDOWS
Score: 48
Signature node: Multi AV Scanner detection for submitted file
Process tree:
  loaddll32.exe (started)
    cmd.exe (started)
      iexplore.exe (started)
        iexplore.exe (started)
          edge.gycpi.b.yahoodns.net 87.248.118.23, 443, 49727, 49728 (YAHOO-DEBDE, United Kingdom)
          tls13.taboola.map.fastly.net 151.101.1.44, 443, 49729, 49730 (FASTLYUS, United States)
          10 other IPs or domains
    regsvr32.exe (started)
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-11-19 13:04:32 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex, botnet, loader
Behaviour:
  Suspicious use of WriteProcessMemory
  Dridex Loader
  Dridex
Malware Config
C2 Extraction:
  162.241.44.26:9443
  192.232.229.53:4443
  77.220.64.34:443
  193.90.12.121:3098
Unpacked files
  SHA256 hash: 745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455
  MD5 hash: 501352dd7db1d943b6ccf838c4ae9b9e
  SHA1 hash: 0d91fd355f9824b232c6423c410cb0a760146563

  SHA256 hash: 170eb738ea2e9ffb0910fd7305e2eceebb07a5362cc76949ef4031fa0ef6cc5e
  MD5 hash: 63b131d69cc66eb2131b71064b3811e5
  SHA1 hash: 7202b3b41e199542ff51a5f61f88485446ec5ac7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL dll
SHA256 hash: 745873208ce43a3b250f1dab6bb43f6cf1aeff3a8d5b6da890b5cfe865b35455 (this sample)

Comments