MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 785ccb690ab29b445fa7b0b13e49a5ca1aad7bfe2b3a017e8bd883d96b734187. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 4



SHA256 hash: 785ccb690ab29b445fa7b0b13e49a5ca1aad7bfe2b3a017e8bd883d96b734187
SHA3-384 hash: b0c3e3f80683793e36376ad448c119915c90905ce0c01d0486e176886560f6dd162ace931a1ca3f64fba18aaffdb47bc
SHA1 hash: 6a41d6ac8ee623d6dbde2ac4f47c997e8218f31f
MD5 hash: e22e531078bad7e944b08337410eb509
humanhash: triple-triple-helium-sweet
File name: sym.dll
Signature: Dridex
File size: 380'928 bytes
First seen: 2020-06-22 12:50:30 UTC
Last seen: 2020-06-22 13:33:39 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 0eaa5595d00b47de011282d15edb531f (3 x Dridex)
ssdeep: 6144:jLSSU23p6nAB6E0Xq3hbjV1Jj6vMRU/YbAk5bFL8c5HQ70GZqGIOkqcjxNxb19:XSw3pP26PmjQbptUbgqS7xJ9
Threatray: 29 similar samples on MalwareBazaar
TLSH: C984D001BE91C07AE666623B8D61CA74637DFDC41B3418E736C40F8BF62A2D14B31766
Reporter: abuse_ch
Tags: dll Dridex


abuse_ch
Dridex payload URL:
https://terrasimonad.com/?<SID>
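The hash block above and the reporter's payload URL are the two indicator sets on this entry. The script below, an added example that is not MalwareBazaar's or abuse.ch's own code, recomputes the four cryptographic digests the entry lists for a local file and reports which of them match, and scans proxy log lines for fetches of the payload URL (the `<SID>` part is a per-victim placeholder, so only the host and `/?` prefix are matched). The file path, the `SAMPLE_LOG` lines and the SID values are constructed for illustration; imphash, ssdeep and TLSH need third-party libraries (pefile, ssdeep, tlsh) and are not computed here.

```python
"""Match local artifacts against the IOCs on this MalwareBazaar entry.

Added example, not MalwareBazaar code. The sample file path passed on the
command line is hypothetical; SAMPLE_LOG below is constructed, not real traffic.
"""
import hashlib
import re
import sys
from typing import Dict, Iterable, List, Tuple

# Digests copied verbatim from this entry.
ENTRY_HASHES: Dict[str, str] = {
    "sha256": "785ccb690ab29b445fa7b0b13e49a5ca1aad7bfe2b3a017e8bd883d96b734187",
    "sha3_384": "b0c3e3f80683793e36376ad448c119915c90905ce0c01d0486e176886560f6dd"
                "162ace931a1ca3f64fba18aaffdb47bc",
    "sha1": "6a41d6ac8ee623d6dbde2ac4f47c997e8218f31f",
    "md5": "e22e531078bad7e944b08337410eb509",
}
ENTRY_SIZE = 380928  # bytes, from the entry; cheap pre-filter before hashing

# Host from the reporter's comment; <SID> varies per victim so it is not matched.
PAYLOAD_HOST = "terrasimonad.com"
URL_RE = re.compile(r"https?://(?:www\.)?" + re.escape(PAYLOAD_HOST) + r"/\?(\S*)", re.I)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the entry lists, as lowercase hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed in chunks so a large binary need not fit in memory."""
    hashers = {
        "sha256": hashlib.sha256(), "sha3_384": hashlib.sha3_384(),
        "sha1": hashlib.sha1(), "md5": hashlib.md5(),
    }
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: Dict[str, str],
                        reference: Dict[str, str] = ENTRY_HASHES) -> List[str]:
    """Return the names of the reference digests that the file's digests equal.

    A SHA256 or SHA3-384 match identifies the byte-identical sample. Treat an
    MD5-only or SHA1-only match as a lead to confirm, not as identification,
    since both are collision-prone.
    """
    return sorted(name for name, value in digests.items()
                  if reference.get(name) == value.lower())


def find_payload_requests(log_lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, sid) for every log line that fetched the payload URL."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        m = URL_RE.search(line)
        if m:
            hits.append((number, m.group(1)))
    return hits


# Constructed proxy log lines for illustration (timestamp, client, method, URL,
# status, bytes, content type). Sizes and MIME type mirror the entry.
SAMPLE_LOG = [
    "2020-06-22T12:55:01Z 10.0.0.12 GET https://terrasimonad.com/?4f2a9 200 380928 application/x-dosexec",
    "2020-06-22T12:55:03Z 10.0.0.12 GET https://www.example.com/index.html 200 1024 text/html",
    "2020-06-22T12:56:17Z 10.0.0.40 GET http://terrasimonad.com/?b77c1 200 380928 application/x-dosexec",
]

if __name__ == "__main__":
    for line_no, sid in find_payload_requests(SAMPLE_LOG):
        print(f"payload URL fetched: log line {line_no}, SID {sid!r}")
    if len(sys.argv) > 1:  # hypothetical path to a file pulled from a host
        digests = hash_file(sys.argv[1])
        print("matches this entry on:", matching_algorithms(digests) or "nothing")
```

Run it with no arguments to see the two constructed log hits; pass a file path to compare that file's digests against the entry. The size pre-filter (`ENTRY_SIZE`) is worth checking before hashing a large collection, since any file that is not exactly 380'928 bytes cannot be this sample.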

Intelligence


File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-22 12:52:05 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 21 of 31 (67.74%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery evasion trojan

Behaviour
Suspicious use of WriteProcessMemory
Checks for installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dridex
DLL 785ccb690ab29b445fa7b0b13e49a5ca1aad7bfe2b3a017e8bd883d96b734187 (this sample)
Delivery method: Distributed via web download

Comments