MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31
SHA3-384 hash: c8d0f02414a17737432bf36dab1702c4674fe8541c76bb98acaf14cefe4ea72cd3262a4f8b263f58267ddd08952a6fcb
SHA1 hash: e4506ef09698fb678f9e11190723499e0ee3b0a7
MD5 hash: 5a5bbd8c04147c15575a07e24bdef22e
humanhash: uncle-pluto-alabama-six
File name:5a5bbd8c04147c15575a07e24bdef22e
Download: download sample
Signature Dridex
Create hunting rule
File size:618'496 bytes
First seen:2021-10-13 13:42:57 UTC
Last seen:2021-10-13 16:21:02 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 54afd981c141523b8c68b6a5bfed7202 (6 x Dridex)
ssdeep 12288:uuIBfTwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLb2W/:J6b4wqyaDA5sTWiXT2tq07G2L/
Threatray 859 similar samples on MalwareBazaar
TLSH T1DFD4F8013A54E821E7E955B6CF2AC6E85B183D49EFB0A4C778E17F0F2AA94F3D215305
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/197220/
Detection(s):
SecuriteInfo.com.ML.PE-A.23865.26564.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware icedid
Link:
https://www.filescan.io/uploads/6166e2689fb4d8593d63a7d5/reports/d417425b-0dd6-4385-bde5-5ceb4294a68b/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/724fa653-236c-46f5-b969-3ffb05e85660
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/869660
Signature
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Detected Dridex e-Banking trojan
Found malware configuration
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 502089 Sample: pxuVK14939 Startdate: 13/10/2021 Architecture: WINDOWS Score: 80 28 Found malware configuration 2->28 30 Yara detected Dridex unpacked file 2->30 32 C2 URLs / IPs found in malware configuration 2->32 34 Connects to many ports of the same IP (likely port scanning) 2->34 7 loaddll32.exe 13 2->7         started        process3 signatures4 38 Detected Dridex e-Banking trojan 7->38 10 cmd.exe 1 7->10         started        12 rundll32.exe 7->12         started        14 rundll32.exe 7->14         started        16 rundll32.exe 7->16         started        process5 process6 18 rundll32.exe 12 10->18         started        dnsIp7 22 174.128.245.202, 443, 49740, 49752 ST-BGPUS United States 18->22 24 51.83.3.52, 13786, 49748, 49756 OVHFR France 18->24 26 2 other IPs or domains 18->26 36 System process connects to network (likely due to code injection or exploit) 18->36 signatures8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 13:43:12 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
Dridex
55cbb43aad59d149ba4bc06684771b5d87a3f570da165437c4d07d442d4b8db7
Dridex
791252fc4def3c4c3bdb270633ffc88c0e2cd8e8e8ba299825a83841a273e7dd
Dridex
98b3fa8ad7143d6bfb754aeca00ded8ffe5789d7e4360f51841801906f5e5551
Dridex
9e39f4494952dfedc6608ebad6c832474045bfaba3ccbb69f8194a2681311eac
Dridex
a9653dacc87403855ff752ff34c6913f5c4f0aec5bfe2c83f95151c9e13d5ba4
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
b9bb671587f2dad8a3df83d6bd0b7b8327edf93fadbefe8b6aa7eabe6698ae88
Dridex
c72fa2296308b8500ddb8c345035befee0711451d1272df8b6762c608e0cfb82
Dridex
f14930c641c001377c3c4c468fc97ab43acde69287819c134d529d95c0fb7bb4
Dridex
+ 849 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet discovery evasion trojan
Link:
https://tria.ge/reports/211013-qz83xaeaer/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex
Malware Config
C2 Extraction:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Unpacked files
SH256 hash:
1d368139d719c9581c96677d804072c936bfce18df851e0521ed04bd78dbdfce
MD5 hash:
7596b6c932934a7aae754a777130a714
SHA1 hash:
e44d1401ebe10e59d861b3301737bf614fbd25a8
Link:
https://www.unpac.me/results/7434f504-95a7-48a4-96f5-bed80c071b41/
SH256 hash:
88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31
MD5 hash:
5a5bbd8c04147c15575a07e24bdef22e
SHA1 hash:
e4506ef09698fb678f9e11190723499e0ee3b0a7
Link:
https://www.unpac.me/results/7434f504-95a7-48a4-96f5-bed80c071b41/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/88a94091ec39/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 88a94091ec39cf0fcb60f326e81f2a12ac40c6f41072f04dd0088d9c435e2d31

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1673999/
  
URLhaus
https://urlhaus.abuse.ch/url/1674066/
  
URLhaus
https://urlhaus.abuse.ch/url/1674101/
  
URLhaus
https://urlhaus.abuse.ch/url/1674120/
  
URLhaus
https://urlhaus.abuse.ch/url/1674126/
  
URLhaus
https://urlhaus.abuse.ch/url/1674022/
  
URLhaus
https://urlhaus.abuse.ch/url/1674051/
  
URLhaus
https://urlhaus.abuse.ch/url/1674044/
  
URLhaus
https://urlhaus.abuse.ch/url/1674099/
  
URLhaus
https://urlhaus.abuse.ch/url/1673974/
  
URLhaus
https://urlhaus.abuse.ch/url/1674061/
  
URLhaus
https://urlhaus.abuse.ch/url/1673976/
  
URLhaus
https://urlhaus.abuse.ch/url/1674121/
Cape
Cape
https://www.capesandbox.com/analysis/197220/
  
URLhaus
https://urlhaus.abuse.ch/url/1674116/
  
URLhaus
https://urlhaus.abuse.ch/url/1674067/

Comments


Avatar
zbet commented on 2021-10-13 13:42:58 UTC

url : hxxps://macdistribucion.com/f7lblj1.tar