MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215
SHA3-384 hash: 7c4a97658cb273472a121b341aebb03ac8dcd8a688260449ea0edc0ac1c71f922a28f5c946d758341a2138d7c8e3ed02
SHA1 hash: 80226f6369832f22166bdcf861c9b18ca8136110
MD5 hash: 58916dc38423e8ceb26318862f84e29e
humanhash: asparagus-violet-nebraska-undress
File name:SecuriteInfo.com.Trojan.Dridex.735.5073.9399
Download: download sample
Signature Dridex
Create hunting rule
File size:303'104 bytes
First seen:2020-12-19 19:31:28 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 44323194308d203d3e24e33067a1ef8a (3 x Dridex)
ssdeep 6144:37DrbzLzj7zL7Drjdf6f1JkbSx0/H8bVMlt7sQaB2XqLYHfcf2B2q7fECeMQz:oHx68bilhsQryYo246fEjM4
Threatray 224 similar samples on MalwareBazaar
TLSH C9546B4D2B8168B6E266E2BD71F9CF5C20F72A502774164F9CDFD1690533A0B9E890CB
Reporter SecuriteInfoCom
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
214
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/108568/
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.5073.9399.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/566849
Signature
Detected Dridex e-Banking trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-12-15 17:10:25 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
005e9151ee4b6399cd27d282bd53104ef59bd89fd3fb65c05cd959992f770afa
Dridex
230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742
Dridex
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
aacb087e8f85cfd1b69dabd575e8fa48ca589ce69cc6a90e02abc96ea5731a9f
Dridex
d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c
Dridex
d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
f4c15b1eee06d45fa6115ddcfeb24bdacf54570352e0cb713e1c5895089dae1d
Dridex
fa2c2ec137b588edf286ad4f4b35f509256499debeb854a20c89e5c80da41b72
Dridex
+ 214 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201219-f4hql7gq2e/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.37:443
51.15.176.55:3389
85.25.144.36:4643
139.162.53.147:4443
Unpacked files
SH256 hash:
86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215
MD5 hash:
58916dc38423e8ceb26318862f84e29e
SHA1 hash:
80226f6369832f22166bdcf861c9b18ca8136110
Link:
https://www.unpac.me/results/d983b1a9-e798-4668-9154-56a46d76fc24/
SH256 hash:
aaff5ea8ad962a4088b271c996f7d606666a7a51cf55daabf88a8eee393c84db
MD5 hash:
79482a2e774fc2c91fb441b2fdbcf909
SHA1 hash:
915574033ce56106330d569df3fadb2c15db9b78
Link:
https://www.unpac.me/results/d983b1a9-e798-4668-9154-56a46d76fc24/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dridex
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 86d55ba28713a590cf72f9a9908d5d42df492c7dd90573ffe629187456848215

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/930643/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/108568/

Comments