MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2
SHA3-384 hash: e6e8fc6f8cab2eda60d90137432a6e9ac9d764b4b7ff8fc1f856ec6d19935593a96a8c719921f506abb06abd7763df10
SHA1 hash: c0aa8602241f36bb466dae0bb0cd191e905e7e7e
MD5 hash: 056b77549421d66b289f6cfed2d26561
humanhash: carpet-tango-six-angel
File name:unzn3pblrpdf
Download: download sample
Signature Dridex
Create hunting rule
File size:613'376 bytes
First seen:2020-11-16 14:00:36 UTC
Last seen:2020-11-16 15:57:06 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash aa96ac4953367d30a9a1ef70a6767459 (3 x Dridex)
ssdeep 6144:i19P2yLnafTR93YBgobwN+5AxtyTCjzVm8NK/0/cmzt:ine883YdbY+5QyTE1K8/cmzt
Threatray 127 similar samples on MalwareBazaar
TLSH 25D49506FCA74E5BD623127724C72040694EDC8C5F48E88BA3A7F57491B33F469E926E
Reporter JAMESWT_WT
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.26961.30370.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/537858
Signature
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-16 14:01:05 UTC
File Type:
PE (Dll)
Extracted files:
10
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
406ae986c72382231fae46850d054ce174f5a70ccf948d21d8e48663c16ec081
Dridex
59b1087ec423c56cba3ca5ef050b8f86a9fb22ddddcf096ca6d92363efaabe2f
Dridex
6b34671b04872cfde098c319f20693021a43ddb8b00f989669778e745e5232a4
Dridex
857b5c1209e2bec7dda0c80b92123f4ceb15f8c560f23551804e4bd09b94e901
Dridex
905960957f03c7a56deaee448ac8fff59f7aad97619ee5a98eb220b9cebee849
Dridex
9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383
Dridex
a50ac006054905d1f7fb342ba9053b5cecd381b67c54c9cab365f9b4eca2ee1b
Dridex
adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b
Dridex
d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450
Dridex
f72bbba2814630af977b32b71152e7b499a9d154ad2aba5f4b8837081af9ac80
Dridex
+ 117 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet cryptone discovery evasion loader packer trojan
Link:
https://tria.ge/reports/201116-zqkrazxfh2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.53:443
172.96.190.154:4664
209.126.111.137:33443
167.99.158.82:33443
Unpacked files
SH256 hash:
02d4f3be670e3a5d0ac40e05d001c3ec38ae806598e9432896900e9706d2196d
MD5 hash:
0d69b711efb8692012ddc2df6ea63a55
SHA1 hash:
79d40d56006567d2669ffbca4c7c4ad15938d6e6
Link:
https://www.unpac.me/results/e3ddf30b-6891-4506-b97c-8abba341b510/
SH256 hash:
881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2
MD5 hash:
056b77549421d66b289f6cfed2d26561
SHA1 hash:
c0aa8602241f36bb466dae0bb0cd191e905e7e7e
Link:
https://www.unpac.me/results/e3ddf30b-6891-4506-b97c-8abba341b510/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 881c022032c6fb9bedfae76dd6c93863b2b7f48e282e0dbcbdcf702a6958ced2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/823446/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/823447/
  
URLhaus
https://urlhaus.abuse.ch/url/823451/
  
URLhaus
https://urlhaus.abuse.ch/url/823450/
  
URLhaus
https://urlhaus.abuse.ch/url/823453/
  
URLhaus
https://urlhaus.abuse.ch/url/823452/
  
URLhaus
https://urlhaus.abuse.ch/url/823454/
  
URLhaus
https://urlhaus.abuse.ch/url/823455/
  
URLhaus
https://urlhaus.abuse.ch/url/823456/
  
URLhaus
https://urlhaus.abuse.ch/url/823457/
  
URLhaus
https://urlhaus.abuse.ch/url/823458/
  
URLhaus
https://urlhaus.abuse.ch/url/823462/
  
URLhaus
https://urlhaus.abuse.ch/url/823460/
  
URLhaus
https://urlhaus.abuse.ch/url/823465/
  
URLhaus
https://urlhaus.abuse.ch/url/823466/
  
URLhaus
https://urlhaus.abuse.ch/url/823467/
  
URLhaus
https://urlhaus.abuse.ch/url/823468/
  
URLhaus
https://urlhaus.abuse.ch/url/823475/
  
URLhaus
https://urlhaus.abuse.ch/url/823471/
  
URLhaus
https://urlhaus.abuse.ch/url/823476/
  
URLhaus
https://urlhaus.abuse.ch/url/823474/
  
URLhaus
https://urlhaus.abuse.ch/url/823473/
  
URLhaus
https://urlhaus.abuse.ch/url/823472/
  
URLhaus
https://urlhaus.abuse.ch/url/823477/
  
URLhaus
https://urlhaus.abuse.ch/url/823478/
  
URLhaus
https://urlhaus.abuse.ch/url/823479/

Comments