MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339
SHA3-384 hash: c9f70e05361914734267b191ca91ec511b8b38ee6b96eac3550c170a8e3fd3c844af4ead1a3f5c2e9e348b53850fccaf
SHA1 hash: f453704ee0177d5771766870bc871e7c048a6c61
MD5 hash: 76a03b741a85be73b47b1a72cea1becb
humanhash: diet-fish-cola-chicken
File name:7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339
Download: download sample
Signature Dridex
Create hunting rule
File size:1'421'312 bytes
First seen:2022-03-23 08:05:32 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4a2e61e1749a0183eccaadb9c4ef6ec2 (40 x Dridex)
ssdeep 12288:LZgJtlQepQn+NDo7nIYegQCLDF/B9wvj/cLvVZFuw:LZK6F7n5eRmDFJivohZFV
Threatray 2'058 similar samples on MalwareBazaar
TLSH T14B65F102FF9963E6D9502DF695F0F2A3C9F4F6854C680229DBA1545F9CA0ACEBC110ED
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
651
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/255446/
Detection(s):
Win.Packed.Dridex-9916859-0
Create hunting rule

Win.Packed.Dridex-9916872-0
Create hunting rule

SecuriteInfo.com.Trojan.Siggen15.41927.11983.13514.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Changing a file
Creating a file
Creating a process from a recently created file
Searching for synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Setting browser functions hooks
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Unauthorized injection to a browser process
Enabling autorun by creating a file
Forced shutdown of a browser
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/623ad501dfdfa8501cd21071/reports/fdc6b662-de37-4fc6-912b-48f80825518f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/962755
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339/
Threat name:
Win64.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2022-03-12 18:11:58 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
37 of 42 (88.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
31a694cd04044831b2125f6cf16bc9dd342aee9ea89181e1aa302c82951cd956
Dridex
34e4dd4f79639ebda6d63dd10e01d559439611fcc4c79151f947bff810dfd722
Dridex
3a52c4f27db221ed975af3d38ac4b9060203b9c6fb3532cdc61b969e21ca666c
Dridex
6b52c3cdedbe90056bc1059f944e484e5afbd88a4665ed54e8d6ad94346785f4
Dridex
80078c8c2ae41981fe8bb5cbcf23f5999cd40f2ceb5c35183d890d75e64cd665
Dridex
8a4e80e4a3f944c227eb6889457ef30477e7cdc96e1b387773d14e2bab450933
Dridex
a7e4a244a0c2c589c237ed8ee1870017ee62e84809d589cb0824db74ca64ec99
Dridex
aa13ee7937305e18ac2da00c90a73476f802ba0ae72863a811dd7bcb29eff095
Dridex
ff25e9f36e8267df94a51f3252cab735e329dd5d2d2a5a4a2a7cfb1c4f7858db
Dridex
+ 2'048 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/220323-jzgkbsedcl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex
Unpacked files
SH256 hash:
7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339
MD5 hash:
76a03b741a85be73b47b1a72cea1becb
SHA1 hash:
f453704ee0177d5771766870bc871e7c048a6c61
Link:
https://www.unpac.me/results/07450795-c918-493f-800b-8657f363a9ac/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/7fb4c95a329b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/7fb4c95a329b24e6ab6742747cf896ae5125599548d38388fcb887b3fb871339

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/255446/

Comments