MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5
SHA3-384 hash: 70ea215ddb54db3af550b3ee366c63b0c9c1214dacc9fbaadb0ebf58f2cd074139463fb5811317c4f061f4e3a781241f
SHA1 hash: d5fd690af7be633b3d9e12627d1cf4364e719f41
MD5 hash: 980ae027422dbff8a6b6b7d4c3e86ac0
humanhash: kentucky-avocado-oregon-bulldog
File name:INV-23373_2.xll
Download: download sample
Signature Dridex
Create hunting rule
File size:662'528 bytes
First seen:2021-11-10 14:07:43 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 8c8bba54a9dc287053536e212411cdac (12 x Dridex)
ssdeep 12288:HHB8k2IlwP0iruRPlOF8bzbBSreqNlKVWf9Zam:B8mO2X16sgm
Threatray 5 similar samples on MalwareBazaar
TLSH T179E46C56BEC6AEA2EF7F51B7C360EA391156736D03A09ACF760305993915FD2403EA03
Reporter adrian__luca
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/204749/
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm greyware packed
Link:
https://www.filescan.io/uploads/618bd246175442ca93aabd95/reports/5a5538fd-efe6-4d9d-a607-3934542b4f54/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/9ca4add2-c8d7-4ac3-afc5-0b956834d4f4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/886797
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 519270 Sample: INV-23373_2.xll Startdate: 10/11/2021 Architecture: WINDOWS Score: 48 28 Multi AV Scanner detection for submitted file 2->28 7 loaddll32.exe 4 2->7         started        process3 process4 9 iexplore.exe 1 74 7->9         started        11 cmd.exe 1 7->11         started        13 regsvr32.exe 3 7->13         started        15 3 other processes 7->15 process5 17 iexplore.exe 2 155 9->17         started        20 rundll32.exe 1 11->20         started        dnsIp6 22 dart.l.doubleclick.net 172.217.168.38, 443, 49834, 49835 GOOGLEUS United States 17->22 24 tls13.taboola.map.fastly.net 151.101.1.44, 443, 49844, 49845 FASTLYUS United States 17->24 26 13 other IPs or domains 17->26
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5/
Threat name:
Win32.Trojan.Razy
Create hunting rule
Status:
Malicious
First seen:
2021-11-08 15:41:55 UTC
AV detection:
12 of 45 (26.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p3lpkfgbi5ym6tzntfl3stb6nci7gfmavkntqwkdotgbgyv4rcsq._file
Verdict:
malicious
Similar samples:
734829ac3ed2dd05ee416c3f82290b9ebc16c7765b8410917e3b2bc44bda7ee1
Dridex
ae2ee9f58ee2c27d739190e1176d8898a49ddac0c36e392115f12309ac07e63a
Dridex
b2cdcf185c0f0f8049e02f4b8c54c4dbdae4baa4dc4ddc6e1de5e76645cc17f3
Dridex
ecced63b75f7967f2ec05955217d6e30bb45cb0dc7d620213defacf33174e953
Dridex
f7f572445d6dfcc947f3f9532206997a12f0a894e97c75785a9db34f16462028
Dridex
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211110-rfj54secgl/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592
MD5 hash:
d11efc2a4d1d18e45f583c705d2bf575
SHA1 hash:
b465a3e331d9bcafe5bea3754ec481d79de7147e
Link:
https://www.unpac.me/results/f66dd207-f1de-4752-98de-22007562cb9a/
SH256 hash:
8969f89b7a221d864bd5525e463c0db868da673912b3b6c0e1d7babe0f5ec95f
MD5 hash:
414d062a882ae8252dce8ecc5f8e6fda
SHA1 hash:
7f06451ae8553f512bfadd9955a27ad4d13f0331
Link:
https://www.unpac.me/results/f66dd207-f1de-4752-98de-22007562cb9a/
SH256 hash:
2305a598c67a769a1e6b8168c1fc3f2b34df07830a3d46798d051fb55647cd61
MD5 hash:
c20d8d6c45165f92cd04cb4b9a3f1b69
SHA1 hash:
7aed149218c6563d3fcac4f369ea7a12f4d4ab84
Link:
https://www.unpac.me/results/f66dd207-f1de-4752-98de-22007562cb9a/
SH256 hash:
7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5
MD5 hash:
980ae027422dbff8a6b6b7d4c3e86ac0
SHA1 hash:
d5fd690af7be633b3d9e12627d1cf4364e719f41
Link:
https://www.unpac.me/results/f66dd207-f1de-4752-98de-22007562cb9a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BitcoinAddress
Create hunting rule
Author:Didier Stevens (@DidierStevens)
Description:Contains a valid Bitcoin address

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

DLL dll 7ed6f514c14770cf4f2d9957b94c3e6891f31580aa9b38594374cc1362bc88a5

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/204749/

Comments