MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b6ca7e419c638612b8de732601bd337c12738022aaf76c274823b5c641e541f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b6ca7e419c638612b8de732601bd337c12738022aaf76c274823b5c641e541f
SHA3-384 hash: 4dd927b8cfc11f5addbc0e1c77147649373e6bd6f9ca5e74b8386efbb660b80efefd5828464ae5c17655c1fb05d6a7dc
SHA1 hash: a77e06c49fcfcec9955b68fd386b745531d58374
MD5 hash: ffa2915880d6627ed78188b7e8279879
humanhash: spring-vermont-victor-nuts
File name:ACTIVEDS.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:704'512 bytes
First seen:2020-06-26 08:58:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 26fdc69b9b50c000107935f1b4954aca (3 x Dridex)
ssdeep 12288:YeIbqChU5SQz/hgc9xizz1q+3Me71DT5gxbnynD+LTMF2:YACPCkzI14cbY+c
Threatray 21 similar samples on MalwareBazaar
TLSH BAE4E1A3CAA111E0F143A97FB12B3A77708076272F096DE6DE3454C2AD7923D8D4B359
Reporter JAMESWT_WT
Tags:64b dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/14820/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Changing a file
Replacing files
Reading critical registry keys
Creating a file
Creating a process from a recently created file
Deleting a recently created file
Creating a file in the %AppData% subdirectories
Setting browser functions hooks
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Unauthorized injection to a browser process
Forced shutdown of a browser
Enabling autorun with Startup directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b6ca7e419c638612b8de732601bd337c12738022aaf76c274823b5c641e541f/
Threat name:
Win64.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 08:09:41 UTC
File Type:
PE+ (Dll)
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pnwkpzazyy4gck4n44zgag6tg7asooacfkxxnqtuqi5vyza6kqpq._file
Verdict:
malicious
Similar samples:
1bc4755b2828092f30c53c4099d2a1b118d1a68686a82b7c11ef12c6ae93f8d4
Dridex
330d748935d0789d8eb231a6781b9ecec36a4bc72829bef65fadd6667573753a
Dridex
36b5a8e87838e415fdd4a70b2b6cd405ab8db7771ed08efc2c80ba016818dea7
Dridex
414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
Dridex
5cd27e2b49870da39e71fdb5c7b858b1548f351aa16e14df939103c75aa8aefd
Dridex
600a4d7f91540e7a6e9dd1162872404f1c04a171791f24e6a95f5a6545f6d5d3
Dridex
a7298d680e5a8a36225a1d1fe1b3a250291f31855a02e871e5b02fd5bb76d6be
Dridex
e39fd52523f742331dc20ee90a051e456561481ef4c360a40ffaac292cb6c37b
Dridex
e3f6a7a2d6628adf2956c3c1f387c2bd178b48e170a71368ae3e7f8c20b8e213
Dridex
e93b9a00886b7a569dc09337361d246c4ac74d3a061579ea4ad33b9ad19f7bde
Dridex
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion trojan spyware persistence
Link:
https://tria.ge/reports/200626-d778w54xd6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Adds Run entry to start application
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.malware-traffic-analysis.net/2020/06/22/index.html
Cape
Cape
https://www.capesandbox.com/analysis/14820/

Comments