MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 790b0d9e2b17f637c3e03e410aa22d16eccfefd28d74b226a293c9696edb60ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 8


SHA256 hash: 790b0d9e2b17f637c3e03e410aa22d16eccfefd28d74b226a293c9696edb60ad
SHA3-384 hash: 296a0453456a48999d3e885f23c18c9d500862e910771c95d1d37ee313f4d46e08f339a4c1edb2ea8dc02732a56b2cb4
SHA1 hash: 93c8937a2e46881ed6ac8f4574ed51d3eed6be4c
MD5 hash: fdd760e04f9f6e13ed4afc641c0a2112
humanhash: burger-south-kitten-utah
File name: 4jvmowzip
Signature: Dridex
File size: 331'776 bytes
First seen: 2020-09-09 10:12:36 UTC
Last seen: 2020-09-09 20:06:36 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 2cab58e57e2dc442524d4dc15c61cdab (3 x Dridex)
ssdeep: 6144:qyFUaMVbo0KJkrc7vmGzMB5Xps+62b1NR+1Njo1N/Q1N2xA:dUa2nKyrc7vDoBta+7ZNRQNjiN/qNSA
Threatray: 58 similar samples on MalwareBazaar
TLSH: FB64D04163EB204DF4BFBFF2A4799245ACBE7C958438454DE320085F42BA2B6895EF71
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence

File Origin
# of uploads: 4
# of downloads: 183
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour: Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Behaviour:
  Behavior Graph: n/a

Result
Threat name: Win32.Trojan.Drixed
Status: Malicious
First seen: 2020-09-09 09:46:29 UTC
File Type: PE (Dll)
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader family:dridex
Behaviour:
  Suspicious use of WriteProcessMemory
  Dridex Loader
  Dridex
Malware Config
C2 Extraction:
  67.213.75.205:443
  186.103.215.157:33443
  185.201.9.197:9443
  108.175.9.22:33443
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download (Web download)
Signature: Dridex
File type: DLL
SHA256: 790b0d9e2b17f637c3e03e410aa22d16eccfefd28d74b226a293c9696edb60ad (this sample)