MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf
SHA3-384 hash:	453c538f305db20cf708769c410bf850ca6ccd9b66ca29caa07f6758ef7222d9d192f1af751607e5ea78b824605fe780
SHA1 hash:	21c23e96b24025de1782a55945d03d290ee17f3d
MD5 hash:	384fbf3ec1c86df90ef4c68dd3db2f2e
humanhash:	batman-kilo-double-moon
File name:	SecuriteInfo.com.Generic.mg.384fbf3ec1c86df9.12453
Download:	download sample
Signature	Dridex Create hunting rule
File size:	204'800 bytes
First seen:	2020-12-21 17:39:47 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	e32b55d8b41291a69aba4751d41cfc12 (3 x Dridex)
ssdeep	3072:8LdOjhJ5SosQnVbktFbTPhMIsbv6kA1FOaik8CSxZ8aRcRfY:8LwjNSAAtxCTHC
Threatray	84 similar samples on MalwareBazaar
TLSH	46149E06EEA76F84FD9204FE39E861970D70FC519831D40A21E1339E68FE91B5E5076E
Reporter	SecuriteInfoCom
Tags:	Dridex

Intelligence

File Origin

# of uploads :

1

# of downloads :

151

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generic.mg.384fbf3ec1c86df9.12453.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/567586

Signature

Binary contains a suspicious time stamp

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf/

Threat name:

Win32.Trojan.Drixed

Status:

Malicious

First seen:

2020-12-21 17:04:20 UTC

AV detection:

22 of 28 (78.57%)

Threat level:

5/5

Verdict:

suspicious

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet loader

Link:

https://tria.ge/reports/201221-vkcdd9wacx/

Behaviour

Suspicious use of WriteProcessMemory

Dridex Loader

Dridex

Malware Config

C2 Extraction:

62.138.14.216:3074
46.4.83.131:3389
195.231.69.151:3889
198.211.118.187:3388

Unpacked files

SH256 hash:

7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf

MD5 hash:

384fbf3ec1c86df90ef4c68dd3db2f2e

SHA1 hash:

21c23e96b24025de1782a55945d03d290ee17f3d

Link:

https://www.unpac.me/results/568272af-5b29-4d0d-9aab-f317b5422421/

SH256 hash:

ac6786dc2ed317b7afb59e377b15e5bcb84c964b2ff5456c31e8432a9ae1553d

MD5 hash:

028e3722d57e92e8cc24d8fe6287b1ae

SHA1 hash:

f70486b42387b2112704c11bb96eb7507ba6d84e

Link:

https://www.unpac.me/results/568272af-5b29-4d0d-9aab-f317b5422421/

SH256 hash:

e4f9bf320912275aa9c4a568118d4c61ace41ce9c9acababb51e29b388303c36

MD5 hash:

cae017c8ace10e093e5ce9e8b6451c58

SHA1 hash:

9d5cf76288bb2a957cfbd51ea5cd8070eb48e215

Detections:

win_dridex_auto

Link:

https://www.unpac.me/results/568272af-5b29-4d0d-9aab-f317b5422421/

Parent samples :

9407254f8870565c27d6f5328a8b517a2a4788174da2880d0f2e33c6890077b3
7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf
ac91022e04b4cd528d5cef6bdcc7e9ccaeb368ae1533c06e8f30579f2e71bbd2

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dridex

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 7db09fec761120eba416f2047447c5c3f0954f39ca5ed26086e099c28bd349bf

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/935535/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/935579/

URLhaus

https://urlhaus.abuse.ch/url/935581/

URLhaus

https://urlhaus.abuse.ch/url/935585/

URLhaus

https://urlhaus.abuse.ch/url/935588/

URLhaus

https://urlhaus.abuse.ch/url/935596/

URLhaus

https://urlhaus.abuse.ch/url/935598/

URLhaus

https://urlhaus.abuse.ch/url/935604/

URLhaus

https://urlhaus.abuse.ch/url/935606/

URLhaus

https://urlhaus.abuse.ch/url/935607/

URLhaus

https://urlhaus.abuse.ch/url/935608/

URLhaus

https://urlhaus.abuse.ch/url/935609/

URLhaus

https://urlhaus.abuse.ch/url/935618/

URLhaus

https://urlhaus.abuse.ch/url/935658/

URLhaus

https://urlhaus.abuse.ch/url/935660/

URLhaus

https://urlhaus.abuse.ch/url/935663/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample