MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064
SHA3-384 hash: 692c0b060ad3679208bdc927bd7f010dc1832b7e9e795c080dd55f54fe4bb02beb527086352cc744e994e64daa9fee83
SHA1 hash: 704e9cf59612ddba84fe680f198f2170625cfff4
MD5 hash: 05ea32a0200a33650498158c3af44702
humanhash: missouri-eleven-foxtrot-pasta
File name:05ea32a0200a33650498158c3af44702.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:241'664 bytes
First seen:2021-01-21 18:31:29 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 7df9dbed14147558d9c2b16fc9eecc49 (5 x Dridex)
ssdeep 6144:s4V3yyQTz8ITeRDZSw3D2Fsd1u/6mv5/dC:sciyQTdT+swTgt/6c/dC
Threatray 161 similar samples on MalwareBazaar
TLSH F134BF803797851BE26217B8317AE5F81138FE4067B1CF253A60716F1EB69A0593FBB4
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/113378/
Detection(s):
SecuriteInfo.com.Generic.mg.16a37a19c2db0cf2.14628.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/587680
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 342866 Sample: AUO20xRhc7.dll Startdate: 21/01/2021 Architecture: WINDOWS Score: 22 12 Machine Learning detection for sample 2->12 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        10 WerFault.exe 3 9 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-01-21 18:32:07 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ovuw2ditosjqn6g3wway4ga6uiet4ftbrg2ibm6frrgoxb3q2bsa._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
2cb94e38a1930e97de56e8a310155f8b98f4effa7ffd5e3553bec6f5f9539fb2
Dridex
39a05f74f92f6552734c04faebde326200f02f60b5c10a1062195a04ab94da8d
Dridex
538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
Dridex
6dd691de8fde45048114ef90b481ca7160fe39ab182e727b073f3fda3e2f3259
Dridex
88813cbb3272347ca08a88e9ce1064bfdaf317d564c8c22c377f18a6e6fa2618
Dridex
a81a824a4030808e0998064a90a4905fa87808e46f75c0c8d38a8f771a0d3288
Dridex
ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab
Dridex
b1c5f8455b82ed52709846267e516590c9e97019fe406691eb5b100e45e3bd78
Dridex
eac020aa33b9585b92e202a58b1924b1b628a7cad2d39236b423110c221fa481
Dridex
f6958b6419aa600cedccb269ab7727319c7bab43bf0a99f5e2a3e9e2565b27e0
Dridex
+ 151 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/210121-hg5fmm8bp2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.40:443
8.4.9.152:3786
185.246.87.202:3098
Unpacked files
SH256 hash:
56a59226904cbdb2662e2180b4e879b659856675d7d27503a37a94f9ea35ff14
MD5 hash:
4a5ff3ec180cea9849c69997d4bc21dd
SHA1 hash:
286f2e17cb28caabf9db8ecfcc1b41ced6107ffb
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/906518f8-a965-4db4-9c9d-2b77300659f5/
Parent samples :
f6958b6419aa600cedccb269ab7727319c7bab43bf0a99f5e2a3e9e2565b27e0
39a05f74f92f6552734c04faebde326200f02f60b5c10a1062195a04ab94da8d
538dbb8edaeba882aaf0b8f624a043699dd7544784352352a3b2b28ab6bad8e1
75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064
SH256 hash:
7b06b15ed34d22e6e99a63c461f306639f153e8c9107ed7fc5d775c6866de817
MD5 hash:
69c27c0b42d299b7496ee4f276213d93
SHA1 hash:
c067d526e45d373bf022a4990bdcadb9c507ea84
Link:
https://www.unpac.me/results/906518f8-a965-4db4-9c9d-2b77300659f5/
SH256 hash:
75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064
MD5 hash:
05ea32a0200a33650498158c3af44702
SHA1 hash:
704e9cf59612ddba84fe680f198f2170625cfff4
Link:
https://www.unpac.me/results/906518f8-a965-4db4-9c9d-2b77300659f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexV4
Create hunting rule
Author:kevoreilly
Description:Dridex v4 Payload
Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:win_dridex_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 75696d0d13749306f8dbb5818e181ea2093e166189b480b3c58c4ceb8770d064

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/113378/
  
URLhaus
https://urlhaus.abuse.ch/url/972591/
  
Delivery method
Distributed via web download

Comments