MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1
SHA3-384 hash:	e7d2a2d60fb84581c470273540c543c215cc0fe67fc77c7c0e918d9b6627e88daa3d0b9730e9815bb09f9f7c2ed97285
SHA1 hash:	5ec761e52521bda659646ca1bb5cad605b3a98d3
MD5 hash:	eb477791471e3b4379f816cbf7bc7a56
humanhash:	stream-whiskey-friend-hot
File name:	eb477791471e3b4379f816cbf7bc7a56.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	538'112 bytes
First seen:	2020-12-11 08:06:49 UTC
Last seen:	2021-01-05 14:58:20 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	7799535e79bf5759dc0caffddd270f11 (4 x Dridex)
ssdeep	6144:JkbSx0/H8bVMlt7sQaB2XqLYHfcf2B2q7fEInukzNMSkQkDpxUkB:Hx68bilhsQryYo246fEIuENL4U
Threatray	218 similar samples on MalwareBazaar
TLSH	26B4CE9EB9BF70EFD4E7D070E73951BC39A62D501BE14A57972370846A6308A18CE70E
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

234

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/107720/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.35663893.5159.15306.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Dridex

Detection:

malicious

Classification:

bank

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/561601

Signature

Detected Dridex e-Banking trojan

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1/

Threat name:

Win32.Trojan.Qshell

Status:

Malicious

First seen:

2020-12-10 20:42:33 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet discovery evasion loader trojan

Link:

https://tria.ge/reports/201211-fe97gfa5ta/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blocklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

169.255.216.36:443
138.201.138.91:3389
89.174.36.41:4643
87.106.89.36:3389

Unpacked files

SH256 hash:

81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1

MD5 hash:

eb477791471e3b4379f816cbf7bc7a56

SHA1 hash:

5ec761e52521bda659646ca1bb5cad605b3a98d3

Link:

https://www.unpac.me/results/ee8aba9c-cbd4-41fc-8942-dc9fc690bc83/

SH256 hash:

f6ed399a9266c47d54c93fc97df4bf636c6d39e70047b0eeb42a546be984348a

MD5 hash:

064e7694f3ecb851be74c61aed794bfa

SHA1 hash:

e182322b2063ca14ca354ed757a65194136e42b7

Link:

https://www.unpac.me/results/ee8aba9c-cbd4-41fc-8942-dc9fc690bc83/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Tibs

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 81a509915d240010326dae2581c7e584304c5a4f0f02d9ed4d9270e4193e83b1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/902066/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/903065/

URLhaus

https://urlhaus.abuse.ch/url/902089/

URLhaus

https://urlhaus.abuse.ch/url/903032/

URLhaus

https://urlhaus.abuse.ch/url/903039/

URLhaus

https://urlhaus.abuse.ch/url/902058/

URLhaus

https://urlhaus.abuse.ch/url/904543/

URLhaus

https://urlhaus.abuse.ch/url/904536/

URLhaus

https://urlhaus.abuse.ch/url/903045/

URLhaus

https://urlhaus.abuse.ch/url/902103/

URLhaus

https://urlhaus.abuse.ch/url/902063/

URLhaus

https://urlhaus.abuse.ch/url/903064/

URLhaus

https://urlhaus.abuse.ch/url/904561/

URLhaus

https://urlhaus.abuse.ch/url/903025/

URLhaus

https://urlhaus.abuse.ch/url/902083/

URLhaus

https://urlhaus.abuse.ch/url/903050/

URLhaus

https://urlhaus.abuse.ch/url/902119/

URLhaus

https://urlhaus.abuse.ch/url/903037/

URLhaus

https://urlhaus.abuse.ch/url/902076/

URLhaus

https://urlhaus.abuse.ch/url/903021/

URLhaus

https://urlhaus.abuse.ch/url/903028/

URLhaus

https://urlhaus.abuse.ch/url/903034/

URLhaus

https://urlhaus.abuse.ch/url/903047/

URLhaus

https://urlhaus.abuse.ch/url/904579/

URLhaus

https://urlhaus.abuse.ch/url/902101/

URLhaus

https://urlhaus.abuse.ch/url/902129/

URLhaus

https://urlhaus.abuse.ch/url/902070/

URLhaus

https://urlhaus.abuse.ch/url/902059/

URLhaus

https://urlhaus.abuse.ch/url/903055/

URLhaus

https://urlhaus.abuse.ch/url/902646/

URLhaus

https://urlhaus.abuse.ch/url/902077/

URLhaus

https://urlhaus.abuse.ch/url/902074/

URLhaus

https://urlhaus.abuse.ch/url/904548/

URLhaus

https://urlhaus.abuse.ch/url/903044/

URLhaus

https://urlhaus.abuse.ch/url/902126/

URLhaus

https://urlhaus.abuse.ch/url/902131/

URLhaus

https://urlhaus.abuse.ch/url/902078/

URLhaus

https://urlhaus.abuse.ch/url/903027/

URLhaus

https://urlhaus.abuse.ch/url/904542/

URLhaus

https://urlhaus.abuse.ch/url/902067/

URLhaus

https://urlhaus.abuse.ch/url/902062/

URLhaus

https://urlhaus.abuse.ch/url/902061/

URLhaus

https://urlhaus.abuse.ch/url/903030/

URLhaus

https://urlhaus.abuse.ch/url/903018/

URLhaus

https://urlhaus.abuse.ch/url/902107/

URLhaus

https://urlhaus.abuse.ch/url/903061/

URLhaus

https://urlhaus.abuse.ch/url/903036/

URLhaus

https://urlhaus.abuse.ch/url/903038/

URLhaus

https://urlhaus.abuse.ch/url/904550/

URLhaus

https://urlhaus.abuse.ch/url/902098/

URLhaus

https://urlhaus.abuse.ch/url/903066/

URLhaus

https://urlhaus.abuse.ch/url/902080/

URLhaus

https://urlhaus.abuse.ch/url/904594/

URLhaus

https://urlhaus.abuse.ch/url/903060/

URLhaus

https://urlhaus.abuse.ch/url/903043/

URLhaus

https://urlhaus.abuse.ch/url/902125/

URLhaus

https://urlhaus.abuse.ch/url/904537/

URLhaus

https://urlhaus.abuse.ch/url/902052/

URLhaus

https://urlhaus.abuse.ch/url/904587/

URLhaus

https://urlhaus.abuse.ch/url/904580/

URLhaus

https://urlhaus.abuse.ch/url/903041/

URLhaus

https://urlhaus.abuse.ch/url/904538/

URLhaus

https://urlhaus.abuse.ch/url/902072/

URLhaus

https://urlhaus.abuse.ch/url/902109/

URLhaus

https://urlhaus.abuse.ch/url/902085/

URLhaus

https://urlhaus.abuse.ch/url/904540/

URLhaus

https://urlhaus.abuse.ch/url/903068/

URLhaus

https://urlhaus.abuse.ch/url/903056/

URLhaus

https://urlhaus.abuse.ch/url/903070/

URLhaus

https://urlhaus.abuse.ch/url/903059/

URLhaus

https://urlhaus.abuse.ch/url/903016/

URLhaus

https://urlhaus.abuse.ch/url/902053/

URLhaus

https://urlhaus.abuse.ch/url/902075/

URLhaus

https://urlhaus.abuse.ch/url/904570/

URLhaus

https://urlhaus.abuse.ch/url/903035/

URLhaus

https://urlhaus.abuse.ch/url/902108/

URLhaus

https://urlhaus.abuse.ch/url/902055/

URLhaus

https://urlhaus.abuse.ch/url/904560/

URLhaus

https://urlhaus.abuse.ch/url/904604/

URLhaus

https://urlhaus.abuse.ch/url/902094/

URLhaus

https://urlhaus.abuse.ch/url/903015/

URLhaus

https://urlhaus.abuse.ch/url/903046/

URLhaus

https://urlhaus.abuse.ch/url/902073/

URLhaus

https://urlhaus.abuse.ch/url/904554/

URLhaus

https://urlhaus.abuse.ch/url/904575/

URLhaus

https://urlhaus.abuse.ch/url/904541/

URLhaus

https://urlhaus.abuse.ch/url/904551/

URLhaus

https://urlhaus.abuse.ch/url/902082/

URLhaus

https://urlhaus.abuse.ch/url/904539/

URLhaus

https://urlhaus.abuse.ch/url/902084/

URLhaus

https://urlhaus.abuse.ch/url/903042/

URLhaus

https://urlhaus.abuse.ch/url/902088/

URLhaus

https://urlhaus.abuse.ch/url/903026/

URLhaus

https://urlhaus.abuse.ch/url/903029/

URLhaus

https://urlhaus.abuse.ch/url/903058/

URLhaus

https://urlhaus.abuse.ch/url/903017/

URLhaus

https://urlhaus.abuse.ch/url/902124/

URLhaus

https://urlhaus.abuse.ch/url/902051/

URLhaus

https://urlhaus.abuse.ch/url/904558/

URLhaus

https://urlhaus.abuse.ch/url/904606/

URLhaus

https://urlhaus.abuse.ch/url/903012/

URLhaus

https://urlhaus.abuse.ch/url/904582/

URLhaus

https://urlhaus.abuse.ch/url/904546/

URLhaus

https://urlhaus.abuse.ch/url/904544/

URLhaus

https://urlhaus.abuse.ch/url/903051/

URLhaus

https://urlhaus.abuse.ch/url/903049/

URLhaus

https://urlhaus.abuse.ch/url/904549/

URLhaus

https://urlhaus.abuse.ch/url/904562/

URLhaus

https://urlhaus.abuse.ch/url/902054/

URLhaus

https://urlhaus.abuse.ch/url/904552/

URLhaus

https://urlhaus.abuse.ch/url/904573/

URLhaus

https://urlhaus.abuse.ch/url/902079/

URLhaus

https://urlhaus.abuse.ch/url/904572/

URLhaus

https://urlhaus.abuse.ch/url/904564/

URLhaus

https://urlhaus.abuse.ch/url/904583/

URLhaus

https://urlhaus.abuse.ch/url/904593/

URLhaus

https://urlhaus.abuse.ch/url/904559/

URLhaus

https://urlhaus.abuse.ch/url/904569/

URLhaus

https://urlhaus.abuse.ch/url/904563/

URLhaus

https://urlhaus.abuse.ch/url/904545/

URLhaus

https://urlhaus.abuse.ch/url/904547/

Cape

https://www.capesandbox.com/analysis/107720/

URLhaus

https://urlhaus.abuse.ch/url/904588/

URLhaus

https://urlhaus.abuse.ch/url/904553/

URLhaus

https://urlhaus.abuse.ch/url/904557/

URLhaus

https://urlhaus.abuse.ch/url/904603/

URLhaus

https://urlhaus.abuse.ch/url/904565/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample