MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87386671fde0711dec82c78b3517858e4c86bbeac6854bcb8b541fc8a71d5425. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	87386671fde0711dec82c78b3517858e4c86bbeac6854bcb8b541fc8a71d5425
SHA3-384 hash:	179156bde2aa31fbf30b9232ad2ff4f8ce13a13df9e9cea4119b7248246b4a46dd81da7df815bbdc1d22c46f2712f131
SHA1 hash:	c791c11b003c77694d1562898ea5c8ccf41c02c3
MD5 hash:	36856caa6df9493c7cf068d4feb7615b
humanhash:	tango-asparagus-hamper-seventeen
File name:	1ff4c95e6cfadea75c82c76a1adc24e0c570d0a3c6dd423c22c5d00e0eb343a5_3.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	351'744 bytes
First seen:	2020-07-17 06:40:22 UTC
Last seen:	2020-07-17 07:47:18 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	fadb798802ae31c994e0c2f0a13ae19d (1 x Dridex)
ssdeep	6144:jjZFmxnzLXcoS5RxibFGtv7YivjDiS85Zk2xibzeLFw7e:jwnzLX65aU6E+/rk2MbqLFwy
Threatray	49 similar samples on MalwareBazaar
TLSH	74742361D239C5E2DD83D570C3F8D37E9EB0788314DD9AEA5FDAE16C006468962E1B42
Reporter	TrappmanRhett
Tags:	Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

284

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27235/

Detection(s):

PUA.Win.Packer.Upolyx-12

Result

Verdict:

Malware

Maliciousness:

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/388974

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

dridex

Link:

https://mwdb.cert.pl/sample/87386671fde0711dec82c78b3517858e4c86bbeac6854bcb8b541fc8a71d5425/

Threat name:

Win32.Trojan.CryptInject

Status:

Malicious

First seen:

2020-07-17 06:42:05 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=q44gm4p54byr33ecy6ftkf4frzgino7ky2cuxs4lkqp4rjy5kqsq._file

Verdict:

malicious

Label(s):

gozi

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/200717-py6x4gqakn/

Behaviour

UPX packed file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/87386671fde0711dec82c78b3517858e4c86bbeac6854bcb8b541fc8a71d5425

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	suspicious_packer_section Create hunting rule
Author:	@j0sm1
Description:	The packer/protector section names/keywords
Reference:	http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/27235/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample