MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 7



SHA256 hash: 8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390
SHA3-384 hash: 2019d08b63acf480e6d82fc5b32ea12126088b2c4fcdc731527deab89a4a99d76411c06b11fe224d1f1d5a6113242ec1
SHA1 hash: 80ef0434d370a4b112cb632b1868aad93d53a9bd
MD5 hash: 0704068b7be5426f38f2da38c965d04e
humanhash: bluebird-michigan-muppet-pennsylvania
File name: g3hrrmjj1pdf
Signature: Dridex
File size: 286'720 bytes
First seen: 2020-10-02 04:11:26 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: c5de455d81abbc68d1b34bdb0878579d (1 x Dridex)
ssdeep: 6144:SqUtrd+yrmjlZI3vIVMPN6SG2H9X0A6NPXiGmJ5WMm:Sz+yoZIwVMPN6SG2x0dNfiGuI
Threatray: 11 similar samples on MalwareBazaar
TLSH: D654CF10766CC43DED4A4BBE8C94D630A6AA79819F7808D337E247CF6767292912F743
Reporter: JAMESWT_WT
Tags: dll Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 184
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100

Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file

Behaviour
Behavior Graph (ID: 292400; sample: g3hrrmjj1pdf; start date: 02/10/2020; architecture: WINDOWS; score: 52)
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process tree:
  loaddll32.exe
    cmd.exe
      iexplore.exe
        iexplore.exe
    regsvr32.exe
Network activity of the child iexplore.exe:
  edge.gycpi.b.yahoodns.net 87.248.118.22, port 443 (source ports 49775, 49776), YAHOO-DEBDE, United Kingdom
  tls13.taboola.map.fastly.net 151.101.1.44, port 443 (source ports 49769, 49770), FASTLYUS, United States
  10 other IPs or domains
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-10-02 01:14:12 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 28 (78.57%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader evasion trojan discovery family:dridex

Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex

Malware Config
C2 Extraction:
146.164.126.197:443
69.16.193.166:9443
193.90.12.122:3098
157.245.103.132:14043

Unpacked files
SHA256 hash: 8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390
MD5 hash: 0704068b7be5426f38f2da38c965d04e
SHA1 hash: 80ef0434d370a4b112cb632b1868aad93d53a9bd

SHA256 hash: 8bf5129ae2232324c5425e00719f6e66bf43e713e5e51fca5a82175cc22d3330
MD5 hash: 84316afc575ab6e0c2bf013d24cb73f1
SHA1 hash: 5aca19cca40c883b3457f1e66a68cef83d3c0436
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL (dll)
SHA256 hash: 8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390 (this sample)