MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 759e9ea6bc1659d394373100078c2643146b694696b0758ab117a55dccd38bb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: 759e9ea6bc1659d394373100078c2643146b694696b0758ab117a55dccd38bb2
SHA3-384 hash: 2fab78efc6f28a5df39fdafa68a9ab1db618bae3f49db883999245a500dda44eb20cc3394717e79985bc7edefb795a57
SHA1 hash: b877ca1e5ddb69ddca7d8541e7837cb2b6df669f
MD5 hash: c35b4957949090f6767f376231e19933
humanhash: whiskey-london-michigan-leopard
File name: c35b4957949090f6767f376231e19933.dll
Signature: Dridex
File size: 158'152 bytes
First seen: 2021-01-08 08:01:41 UTC
Last seen: 2021-01-08 09:50:38 UTC
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 3072:S6bEo/21a7oR2CygSlISgofZl5rRUWmVcCKJ:SU+koR2Cyg7SgofZl5rkeJ
Threatray: 10 similar samples on MalwareBazaar
TLSH: 6CF3AE10B682D071E7696138C846E675566A7C351779FECB6BC21CB34E303D3E63A28E
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 185
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Behavior Graph ID: 337275; Sample: vMEQMtEXxp.dll; Start date: 08/01/2021; Architecture: WINDOWS; Score: 23; Signature: Machine Learning detection for sample; Process tree: loaddll32.exe (started), which started WerFault.exe
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 759e9ea6bc1659d394373100078c2643146b694696b0758ab117a55dccd38bb2
MD5 hash: c35b4957949090f6767f376231e19933
SHA1 hash: b877ca1e5ddb69ddca7d8541e7837cb2b6df669f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 759e9ea6bc1659d394373100078c2643146b694696b0758ab117a55dccd38bb2

(this sample)

  
Delivery method: Distributed via web download
