MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016
SHA3-384 hash:	4eb226ac4ba892fe9b925e3352056c5094669623b78f34be09d62b425d7af1bc09938aa20c86522bccd9067c37b92e80
SHA1 hash:	f847d66c48d910ec01127d5e188ceaf4919d418f
MD5 hash:	aa7ad8fdea021577637b6e0520046686
humanhash:	lithium-avocado-kilo-angel
File name:	aa7ad8fdea021577637b6e0520046686.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	742'744 bytes
First seen:	2020-10-02 09:41:03 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	59b4d90ccd42d8a41fe8c5f5161ddef8 (2 x Dridex)
ssdeep	12288:wXul/0MvQL9lFG1oMKv5qfRMm23aC1QDlKtwU5rmVM:MYcIIFG1oLv5qfRcKC1Q8uU5rm6
Threatray	9 similar samples on MalwareBazaar
TLSH	0BF4CEB8FAE2F4D7D14A28B886AD1D1B1DBD8D815236F91F7ACDF09C4A61F51B700A01
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

1

# of downloads :

179

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/67713/

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Sending a UDP request

Sending a TCP request to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/480129

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2020-10-01 13:44:26 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=pj33kfwfmpelx2iev45zbt5ysfelq6nya6vdjwj34oy2f24tuala._file

Verdict:

malicious

Label(s):

dridex

Similar samples:

1b51d0ffc92c95be92b7da71bd49b75910839d15203a0fc8a52172ed51e3ed87

2dc73ab125bbcfcaa2ad81debaa45da08adcfe021761d04c606812bf3748df68

30ddf8d34671494f41ef339a36a9a91d8593a297c299c16603c73e1842486284

5134abe5dc819aae6cd91607cad4ab81f79dae8531dbdbfcac3631d95f82ab4c

63edc4ccc3345880ec3dd6e74360b45a0fa1e9b3147c21d245557ee0721fc347

93a47f8cffdd7f69d020813a390ffcf3bf850a5e53d398feba160f8efd2b5c43

b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c

d0b22ae087511553366f2c9292424f5f3bebbbe621ed54a91d52b9f8d96f594e

fa4745a9f86a7516cc6fdf77834b1b9ab83ba3a29743461eabe2bec180c9de86

Result

Malware family:

dridex

Score:

10/10

Tags:

botnet loader evasion trojan discovery family:dridex

Link:

https://tria.ge/reports/201002-ab8nx7ewcn/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blacklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

146.164.126.197:443
69.16.193.166:9443
193.90.12.122:3098
157.245.103.132:14043

Unpacked files

SH256 hash:

7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016

MD5 hash:

aa7ad8fdea021577637b6e0520046686

SHA1 hash:

f847d66c48d910ec01127d5e188ceaf4919d418f

Link:

https://www.unpac.me/results/ef36bd9a-0eec-4734-9e08-e6a1b31a61de/

SH256 hash:

a8abccb0e6737f32b04300b6269f8881f15e5c8af48dcd7577f8ff69b95b4828

MD5 hash:

74a2ba475ed3a7e6aff9ccb14246fdfd

SHA1 hash:

c7f344af5060097792ec3bd643d37349ebea5511

Link:

https://www.unpac.me/results/ef36bd9a-0eec-4734-9e08-e6a1b31a61de/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dridex

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 7a77b516c563c8bbe904af3b90cfb89148b879b807aa34d93be3b1a2eb93a016

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/67713/

URLhaus

https://urlhaus.abuse.ch/url/629882/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/633758/

URLhaus

https://urlhaus.abuse.ch/url/633756/

URLhaus

https://urlhaus.abuse.ch/url/633766/

URLhaus

https://urlhaus.abuse.ch/url/629876/

URLhaus

https://urlhaus.abuse.ch/url/633760/

URLhaus

https://urlhaus.abuse.ch/url/633767/

URLhaus

https://urlhaus.abuse.ch/url/633777/

URLhaus

https://urlhaus.abuse.ch/url/633764/

URLhaus

https://urlhaus.abuse.ch/url/633757/

URLhaus

https://urlhaus.abuse.ch/url/633776/

URLhaus

https://urlhaus.abuse.ch/url/633763/

URLhaus

https://urlhaus.abuse.ch/url/633775/

URLhaus

https://urlhaus.abuse.ch/url/629871/

URLhaus

https://urlhaus.abuse.ch/url/633762/

URLhaus

https://urlhaus.abuse.ch/url/629881/

URLhaus

https://urlhaus.abuse.ch/url/633773/

URLhaus

https://urlhaus.abuse.ch/url/629866/

URLhaus

https://urlhaus.abuse.ch/url/629870/

URLhaus

https://urlhaus.abuse.ch/url/633774/

URLhaus

https://urlhaus.abuse.ch/url/629875/

URLhaus

https://urlhaus.abuse.ch/url/629889/

URLhaus

https://urlhaus.abuse.ch/url/633765/

URLhaus

https://urlhaus.abuse.ch/url/633759/

URLhaus

https://urlhaus.abuse.ch/url/633761/

URLhaus

https://urlhaus.abuse.ch/url/629868/

URLhaus

https://urlhaus.abuse.ch/url/629890/

URLhaus

https://urlhaus.abuse.ch/url/633771/

URLhaus

https://urlhaus.abuse.ch/url/629877/

URLhaus

https://urlhaus.abuse.ch/url/629869/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample