MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 8

SHA256 hash: 7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd
SHA3-384 hash: 183b66ecf72224fda49dcac146522a1cdfe442e8811453952255c07855114e90c2908d11390ef191d19a9d68eafc8e21
SHA1 hash: 2d52654fab9c49fc133722d84828fcb6e1f2e339
MD5 hash: f25fe61a77e9c51649c1c78fb4819976
humanhash: louisiana-high-equal-tennis
File name: SecuriteInfo.com.Trojan.Dridex.747.22951.30704
Signature: Dridex
File size: 188'416 bytes
First seen: 2020-11-26 02:38:25 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 170e9d044735a2385bae69f7fea00ccd (1 x Dridex)
ssdeep: 3072:gQgvxf6Wm5L2hRP8sv1pDzBfX7Cp/vXUtpoyHosPev1NzmQT9U6:ERm5LknLH9+vktpmsP81NaQT9
Threatray: 117 similar samples on MalwareBazaar
TLSH: 09048D2677DF6174F5F3AF365C3E21404A7B7CF39A38C78E1700528A95A1725D8A0B2A
Reporter: SecuriteInfoCom
Tags: Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID 322892 (sample SecuriteInfo.com.Trojan.Dri..., start date 26/11/2020, architecture WINDOWS, score 52). Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample. Process tree: loaddll32.exe started, followed by two WerFault.exe processes. WerFault.exe is the Windows Error Reporting crash handler, so the DLL faulted under the sandbox's generic loader, which leaves this engine with little runtime behaviour to score and no resolved threat name.
Threat name: Win32.Trojan.Emotet
Status: Malicious
First seen: 2020-11-26 00:02:15 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.36:443
217.79.184.243:33443
195.159.28.230:4443
Unpacked files
SHA256 hash: 7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd (the submitted DLL itself; same hashes as in the entry header)
MD5 hash: f25fe61a77e9c51649c1c78fb4819976
SHA1 hash: 2d52654fab9c49fc133722d84828fcb6e1f2e339
SHA256 hash: 59ea30e461d0cb9328d386416b6ac936d78700d1ebb4bef20f5d1e0e55491e87
MD5 hash: 16ea628acd233c753c1cd13871193e62
SHA1 hash: 97ac435fe76e6fcb1ccd8871c4a8dec61694af53
Detections: win_dridex_auto
SHA256 hash: 675a44bb6a4b19d612c59f3059f53d22707408a8d847c10ec662161ca402d4dc
MD5 hash: bb08b5d078dbecb468ef506e3e44810f
SHA1 hash: 8da68da4724c5062e088a4702281b8508b5b8961
Please note that we are no longer able to provide a coverage score for VirusTotal.
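The C2 endpoints under Malware Config and the SHA256 values under Unpacked files are only useful once they are turned into detections. The Python script below is an added example written for this page; it is not MalwareBazaar code and not part of any vendor's analysis. It emits one Suricata rule per extracted host:port pair, matches a connection log against them (an exact host:port match is high confidence, while a listed IP seen on some other port is reported at medium confidence, because 77.220.64.36:443 could be shared with legitimate services on the same host), and looks up observed file hashes against the three SHA256 values listed above. The flat log format, the sample log lines, the local SID range 9000001+, and the reference URL form bazaar.abuse.ch/sample/<sha256>/ are the editor's assumptions; the IPs, ports and hashes are taken from this entry.

```python
"""
IOC-to-detection helper built from the MalwareBazaar entry above
(Dridex loader, SHA256 7eb170f9...). Added example for this page; it is not
MalwareBazaar code and not part of any vendor's analysis.
"""
import re
from dataclasses import dataclass

# Sample hash, from the entry header.
SAMPLE_SHA256 = "7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd"

# C2 endpoints from the "Malware Config / C2 Extraction" section.
# This is November 2020 infrastructure; network IOCs age quickly, so each rule
# carries the sample hash in msg so an analyst can trace where it came from.
DRIDEX_C2 = {
    ("77.220.64.36", 443),
    ("217.79.184.243", 33443),
    ("195.159.28.230", 4443),
}

# SHA256 values from the "Unpacked files" section.
DRIDEX_SHA256 = {
    "7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd": "submitted DLL",
    "59ea30e461d0cb9328d386416b6ac936d78700d1ebb4bef20f5d1e0e55491e87": "unpacked payload (win_dridex_auto)",
    "675a44bb6a4b19d612c59f3059f53d22707408a8d847c10ec662161ca402d4dc": "unpacked payload",
}


def suricata_rules(c2=DRIDEX_C2, sid_base=9000001):
    """One alert per host:port pair (sid_base is an assumed local SID range).

    Keying on the pair rather than the bare IP keeps 77.220.64.36:443 from
    firing on unrelated services the same host may expose on other ports.
    The reference URL follows MalwareBazaar's sample-page pattern (assumed).
    """
    rules = []
    for sid, (ip, port) in enumerate(sorted(c2), start=sid_base):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex C2 {ip}:{port} (MalwareBazaar {SAMPLE_SHA256[:12]})"; '
            f'flow:to_server,established; '
            f'reference:url,bazaar.abuse.ch/sample/{SAMPLE_SHA256}/; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


@dataclass(frozen=True)
class Hit:
    line: str
    dst: str
    port: int
    confidence: str  # "high": IP and port match; "medium": IP only


# Assumed flat connection-log format: "<ts> <src>:<sport> -> <dst>:<dport> <proto>".
_CONN = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)\s*$"
)


def match_connections(lines, c2=DRIDEX_C2):
    """Return Hits for outbound flows to a listed C2. Exact host:port matches
    are high confidence; a listed IP on another port is reported at medium
    confidence rather than dropped, since the host may be reused on a new port."""
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in lines:
        m = _CONN.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in c2:
            hits.append(Hit(line, dst, dport, "high"))
        elif dst in c2_ips:
            hits.append(Hit(line, dst, dport, "medium"))
    return hits


def match_hashes(observed, known=DRIDEX_SHA256):
    """observed: {path: sha256_hex} as an EDR or `sha256sum` would report.
    Hashes are normalised to lower case before lookup."""
    return {path: known[h.lower()] for path, h in observed.items() if h.lower() in known}


# Constructed connection log lines for demonstration; not real telemetry.
SAMPLE_LOG = [
    "2020-11-26T03:14:07Z 10.0.0.23:51234 -> 217.79.184.243:33443 tcp",  # exact C2
    "2020-11-26T03:14:09Z 10.0.0.23:51235 -> 195.159.28.230:4443 tcp",   # exact C2
    "2020-11-26T03:15:00Z 10.0.0.42:50001 -> 77.220.64.36:80 tcp",       # IP only
    "2020-11-26T03:15:02Z 10.0.0.42:50002 -> 93.184.216.34:443 tcp",     # unrelated
    "malformed line that does not parse",
]

if __name__ == "__main__":
    print("\n".join(suricata_rules()))
    for hit in match_connections(SAMPLE_LOG):
        print(f"{hit.confidence:6} {hit.dst}:{hit.port}  {hit.line}")
```

Run it as-is to print the three rules and the three hits from the constructed log; in practice feed `match_connections` your own flow records after adapting `_CONN` to their layout, and treat medium-confidence hits as leads to pivot on (what else did that host talk to, what process opened the socket) rather than as confirmed Dridex traffic.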

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Dridex
File type: DLL
SHA256: 7eb170f9d34ad87ab2de388464d87041290fa7baacb2284d8ff02f358c46becd (this sample)
