MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dd71dac4d68a8d49db4b0077f38225b597591ee52f96fd832acfa552d166979. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 9


SHA256 hash: 7dd71dac4d68a8d49db4b0077f38225b597591ee52f96fd832acfa552d166979
SHA3-384 hash: e3f73eac9db79e3796c66484f009c2f04de54db59251fbc2808141918f21dcf7252e7a553984537d5622954522d51e79
SHA1 hash: c6335efafcaf572c3d3695369b580efcb2bceec9
MD5 hash: 761bc462ddbcce63eade6b6e86929cff
humanhash: fanta-nuts-freddie-bravo
File name: 761bc462ddbcce63eade6b6e86929cff
Signature: Dridex
File size: 487'424 bytes
First seen: 2021-12-06 14:18:19 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 03540fe05cb0473f2f956a0d0a682262 (12 x Dridex)
ssdeep: 12288:R7fimEsIsmY4K08oM1Wd8t5KQhNdv5zq:R7aVRBn7x6jtk
Threatray: 5'555 similar samples on MalwareBazaar
TLSH: T185A4AF469D16A00DE80DA43DB24CB29AE9F862F7F57861F3542EB33E2DD30928F17459
Reporter: zbetcheckin
Tags: 32 dll Dridex exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 151
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj
Score: 72 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph (image not reproduced; ID 534815; sample TqUx0ddkxp; start date 06/12/2021; architecture WINDOWS; score 72)
Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 2 other signatures
Process chain: loaddll32.exe -> cmd.exe -> rundll32.exe -> WerFault.exe
Network contacts from loaddll32.exe: 23.246.204.126:443 (local ports 49763, 49775; SOFTLAYERUS, United States); 172.105.78.60:4664 (local ports 49774, 49778; LINODE-AP Linode LLC, United States); 2 other IPs or domains
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2021-12-06 14:19:13 UTC
File Type: PE (Dll)
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:10444 botnet loader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
23.246.204.126:443
151.106.39.36:8116
103.124.144.123:6891
172.105.78.60:4664
Unpacked files
SHA256 hash: 7dd71dac4d68a8d49db4b0077f38225b597591ee52f96fd832acfa552d166979
MD5 hash: 761bc462ddbcce63eade6b6e86929cff
SHA1 hash: c6335efafcaf572c3d3695369b580efcb2bceec9
Malware family:
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File: DLL dll 7dd71dac4d68a8d49db4b0077f38225b597591ee52f96fd832acfa552d166979 (this sample)

Comments
zbet commented on 2021-12-06 14:18:21 UTC

url : hxxps://tixit.band/yxw0nh.jpg