MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ecb1737599717d4a91772432ef9235771f725fbce2c8f0ae0c361c6966c475e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

SHA256 hash: 7ecb1737599717d4a91772432ef9235771f725fbce2c8f0ae0c361c6966c475e
SHA3-384 hash: 379c217e679275ac4c7e8571fff75580bb28bb2b71fb4ac5bc82e979d6770bcf0e1a66043ea5d87802ca06d16f4b3605
SHA1 hash: e0295e1a500343a91380ea1b371c964745508291
MD5 hash: 2b6ce28212a1a375a1bf6d2c3b2c13f9
humanhash: neptune-connecticut-enemy-island
File name: 2b6ce28212a1a375a1bf6d2c3b2c13f9
Signature: Dridex
File size: 524'288 bytes
First seen: 2021-12-20 16:54:46 UTC
Last seen: 2021-12-21 13:59:28 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 5ad3b93adc2f9b7a31e634988c069f77 (85 x Dridex)
ssdeep: 12288:J2cK4kV9W/k7MNKABzMyLi8E6+DnOM2SwyuWn:wkMs9
Threatray: 5'662 similar samples on MalwareBazaar
TLSH: T1EAB4AF92960F6767E43C32B3E8E36436AB434F280DD4BDE5BA00764F733D498649D686
Reporter: zbetcheckin
Tags: 32 dll Dridex exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 139
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph: (graph widget, ID 543047; sample vrDR3ZTj0h; start date 20/12/2021; architecture WINDOWS; score 80). Network nodes: 89.31.56.58 (UNITHOST-ASNL, Netherlands), 51.159.52.196 (OnlineSASFR, France), plus 2 other IPs or domains. Process tree: loaddll32.exe starts cmd.exe and rundll32.exe; cmd.exe starts a second rundll32.exe; each rundll32.exe instance is followed by WerFault.exe. Signatures on the graph: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures; Tries to delay execution (extensive OutputDebugStringW loop), attached to loaddll32.exe.
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2021-12-20 16:55:13 UTC
File Type: PE (Dll)
AV detection: 25 of 28 (89.29%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:22203 botnet loader
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.159.52.196:443
134.209.247.135:6602
194.233.68.48:5228
89.31.56.58:593
Unpacked files
SHA256 hash: 7ecb1737599717d4a91772432ef9235771f725fbce2c8f0ae0c361c6966c475e
MD5 hash: 2b6ce28212a1a375a1bf6d2c3b2c13f9
SHA1 hash: e0295e1a500343a91380ea1b371c964745508291
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Dridex | DLL dll | 7ecb1737599717d4a91772432ef9235771f725fbce2c8f0ae0c361c6966c475e (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-12-20 16:54:47 UTC

url : hxxps://preusz.com/2S0TH4/LzFICzdSIzchskkklgbtq.bin