MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754
SHA3-384 hash: 78a9fa81ee22c6573f27797743135a3beee7e038df9cfbc8639f38725b59d9f38f94afec562d541a1ca135d056053913
SHA1 hash: f15766b0231a0aa4aecc109ec25ad03886be8489
MD5 hash: 05f2a8023c445d3f0cdb3a151ab22d43
humanhash: cup-cardinal-pizza-wisconsin
File name:05f2a8023c445d3f0cdb3a151ab22d43.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:458'666 bytes
First seen:2023-02-15 15:22:30 UTC
Last seen:2023-06-11 05:30:55 UTC
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 12288:GSNs0Ljpezsf/Lrxn9AiQwvM8hZDgh6c8:FNrszsHxfjv7Dg18
Threatray 14 similar samples on MalwareBazaar
TLSH T1B7A4C060BC80E47DEB0D22704C5BEDFD0159BC0466ABB95F32DE2E6F15A1253F05B298
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
371
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/366726/
Detection(s):
Win.Malware.Generickdz-9832496-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63ecf8da846a958a581682e7/reports/69ae7476-cf96-4171-b650-93a4c23f8500/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ed45387a-1ea1-4fd7-b0da-873a4a07ba5c
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
23 / 100
Link:
https://www.joesandbox.com/analysis/1176201
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754/
Threat name:
Win32.Trojan.MikeyDridex
Create hunting rule
Status:
Malicious
First seen:
2023-02-15 10:49:51 UTC
File Type:
PE (Dll)
AV detection:
19 of 39 (48.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qlh4e3sxzkh52l2hujf2ct5b52hiwkna2veqtkp5wy2gc4keq5ka._file
Verdict:
malicious
Similar samples:
11be3a269a06b23158afb18561fb7c059f3105d1d37ddfec980899e296dc267e
Dridex
1cabf298f73b9af7cd77c9c9646a6238f45e6ac07ed7dd7a44517fd2650d55f2
Dridex
4134bd82bbea78103d0e32728df856870eaa2c0188b59423115c7d779b2bf83a
Dridex
4707cc2c4a34697dc0cee836a78e30d79785177c65938af845cba3782c9d850b
Dridex
77734c9865fd31b3551462126dc27387775ba3a969ec1cb4b6c9fccf45ce43dd
Dridex
77d877ee5c36b18049942136221236b2f650080bf3dd7ca883bcb00ba9582d18
Dridex
81222472b041091fc7af2308fee853b197d8b6dd0010dada181c153998535dd0
Dridex
866940bb59a32647c96466349066246b172adb7a5010678241be3e9663b1d637
Dridex
cc242ab99ab6100dcdc98f004f26041fdd5b67015630d73bff76b03a3d2d607f
Dridex
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230215-ssgq7acd82/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754
MD5 hash:
05f2a8023c445d3f0cdb3a151ab22d43
SHA1 hash:
f15766b0231a0aa4aecc109ec25ad03886be8489
Link:
https://www.unpac.me/results/52870c4c-0499-4ca7-95e0-8f5391b318b5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 82cfc26e57ca8fdd2f47a24ba14fa1ee8e8b29a0d54909a9fdb6346171448754

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/979134/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/366726/

Comments