MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 791252fc4def3c4c3bdb270633ffc88c0e2cd8e8e8ba299825a83841a273e7dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 9

SHA256 hash: 791252fc4def3c4c3bdb270633ffc88c0e2cd8e8e8ba299825a83841a273e7dd
SHA3-384 hash: fc291478267ed69d360d9bd1fe7b19ff9254a4970a4131d173e6e98154923c610453aa41fba4559951e4c91cd9c609c4
SHA1 hash: e45d05bf840341fbaa6fd6b9f396788c5810cb26
MD5 hash: 92aa183e338e9f7bbdc9ca401eb97c64
humanhash: blossom-floor-washington-carbon
File name: bttxlf4.zip.dll
Signature: Dridex
File size: 765'440 bytes
First seen: 2021-01-20 15:19:14 UTC
Last seen: 2021-01-20 17:06:45 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 1d0c1e9a51da59fb16fe818b175c13c5 (2 x Dridex)
ssdeep: 12288:F0q2AejP0XbOAQ60af2rDMmUz0x07wGwefo5SuDwadeUy:i2ejIOU0G2rDMmxxkRTs9y
Threatray: 1'067 similar samples on MalwareBazaar
TLSH: A1F48C63E6986460F32A073118A3A55387FC7E44CA7DCD9A31CF350B38967B1B56938E
Reporter: James_inthe_box
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 162
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour
Sending a UDP request
Sending a custom TCP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Detection: malicious
Classification: bank.evad
Score: 72 / 100
Signature
Detected Dridex e-Banking trojan
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)

Result
Threat name: Win32.Trojan.Malrep
Status: Malicious
First seen: 2021-01-20 14:41:50 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 14 of 28 (50.00%)
Threat level: 5/5

Result
Score: 10/10
Tags: family:dridex botnet loader
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Unpacked files
SHA256 hash: 379eebc83cc4ff8ad11369803136bee341497d42883cb19ee4b62c818fd6f720
MD5 hash: 7902b8fd1d30b1ad805dfae1e882a067
SHA1 hash: 1f68628b311642fcaba82a56353de3762fe8bb84
SHA256 hash: 791252fc4def3c4c3bdb270633ffc88c0e2cd8e8e8ba299825a83841a273e7dd
MD5 hash: 92aa183e338e9f7bbdc9ca401eb97c64
SHA1 hash: e45d05bf840341fbaa6fd6b9f396788c5810cb26
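The C2 endpoints and the hash set above are the actionable part of this entry. The following Python is an added example, written by the editor and not code from MalwareBazaar or the original page: it parses the "C2 Extraction" lines (rejecting malformed or non-routable entries so a bad extraction cannot poison a blocklist), emits one Suricata rule per endpoint keyed on IP and port (port 443 alone would be useless as a signal, and two of the listed C2s sit on non-standard ports), runs the same endpoint set over a few constructed connection records, and checks arbitrary bytes against the listed SHA256/SHA1/MD5 values. The rule wording, the private SID base 1000000 and the connection-log lines are assumptions; only the IOC values come from the entry.

```python
"""Hunting artefacts from this MalwareBazaar entry's indicators.

Editor-added example; not code from MalwareBazaar or from the page. The C2
endpoints and hashes are copied from the entry above. The Suricata rule text,
the private SID base (1000000) and the connection-log records are assumptions
and constructed data used only for illustration.
"""
import hashlib
import ipaddress
import re

# C2 endpoints as listed under "C2 Extraction" above (ip:port, one per line).
C2_LINES = """
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
"""

# Hashes from the entry. The "Unpacked files" list repeats the sample's own
# hashes next to the unpacked payload, so both sets are worth matching on.
KNOWN_HASHES = {
    "sha256": {
        "791252fc4def3c4c3bdb270633ffc88c0e2cd8e8e8ba299825a83841a273e7dd",
        "379eebc83cc4ff8ad11369803136bee341497d42883cb19ee4b62c818fd6f720",
    },
    "sha1": {
        "e45d05bf840341fbaa6fd6b9f396788c5810cb26",
        "1f68628b311642fcaba82a56353de3762fe8bb84",
    },
    "md5": {
        "92aa183e338e9f7bbdc9ca401eb97c64",
        "7902b8fd1d30b1ad805dfae1e882a067",
    },
}

# Constructed connection records (not real traffic): ts src sport dst dport proto.
# 203.0.113.10 is an RFC 5737 documentation address standing in for benign traffic.
CONN_LOG = """
1611155000.1 10.0.0.5 49211 194.225.58.214 443 tcp
1611155001.3 10.0.0.5 49212 203.0.113.10 443 tcp
1611155002.7 10.0.0.9 50101 211.110.44.63 5353 tcp
1611155003.0 10.0.0.9 50102 211.110.44.63 53 udp
"""

_C2_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def parse_c2(text):
    """Return [(ip, port), ...]. Malformed lines, out-of-range ports and
    non-global addresses raise ValueError instead of landing in a blocklist."""
    endpoints = []
    for line in text.strip().splitlines():
        m = _C2_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unparseable C2 line: {line!r}")
        ip = ipaddress.ip_address(m.group(1))   # raises on e.g. 999.1.1.1
        port = int(m.group(2))
        if not ip.is_global or not 1 <= port <= 65535:
            raise ValueError(f"implausible C2 endpoint: {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def suricata_rules(endpoints, base_sid=1000000):
    """One rule per endpoint, matching on destination IP and port together."""
    rules = []
    for i, (ip, port) in enumerate(endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex loader C2 {ip}:{port} (MalwareBazaar)"; '
            f'flow:to_server; classtype:trojan-activity; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


def scan_conn_log(log_text, endpoints):
    """Flag records whose destination ip:port is a known C2 endpoint."""
    wanted = set(endpoints)
    hits = []
    for line in log_text.strip().splitlines():
        ts, src, _sport, dst, dport, _proto = line.split()
        if (dst, int(dport)) in wanted:
            hits.append((ts, src, dst, int(dport)))
    return hits


def matching_hashes(data):
    """Names of the entry's hash algorithms whose listed value matches data."""
    digests = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }
    return {alg for alg, d in digests.items() if d in KNOWN_HASHES[alg]}


if __name__ == "__main__":
    c2s = parse_c2(C2_LINES)
    print("\n".join(suricata_rules(c2s)))
    for ts, src, dst, dport in scan_conn_log(CONN_LOG, c2s):
        print(f"{ts} {src} -> {dst}:{dport}  matches Dridex C2")
```

On the constructed log only the two records that hit a listed ip:port pair are flagged; the 211.110.44.63:53 UDP record is not, which is the intended behaviour of keying on the pair rather than on the address alone. Dridex C2 lists rotate, so treat these endpoints as dated to the "First seen" timestamp above rather than as a standing blocklist.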

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: DridexLoader
Author: kevoreilly
Description: Dridex v4 dropper C2 parsing function
Rule name: win_dridex_loader_v2
Author: Johannes Bader @viql
Description: detects some Dridex loaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
