MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33
SHA3-384 hash: 8e699901f2e93a9908d2d0c4bb1415a6d28be6ed642019ad8694556d7ccae69ae97517d816b9fb5b7d708e2473829f3d
SHA1 hash: 818423b1fc4f4149e2bda0feb359c1605de1eb6c
MD5 hash: 455e8c40a659762249a13b5ef6cfb2cb
humanhash: hotel-enemy-speaker-nevada
File name:ucjk7st
Download: download sample
Signature Dridex
Create hunting rule
File size:436'224 bytes
First seen:2020-11-26 12:04:22 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash e7414cbd2b4f58d2e4decdcb6ca7030a (2 x Dridex)
ssdeep 6144:75QWC9P2yLnafTR93YBgobwN+5AxtyTCjzVm8NgSbr/aRZMbFofndmLB:75bee883YdbY+5QyTE1pbrzyfndmLB
Threatray 176 similar samples on MalwareBazaar
TLSH 8C94BF3835E4D7BBEA3B667924D212D3F7D0EE2479C20C473957E9A3003A1895ACB709
Reporter JAMESWT_WT
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105736/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/548139
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-26 09:42:38 UTC
File Type:
PE (Dll)
Extracted files:
26
AV detection:
26 of 28 (92.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
0c05f90aa40d2a6a3dec2d3bcc5abea8d47058930edf8f80daa2058923f92819
Dridex
255327cc966eebcdb52f94414c36920585f2190ae10a9560db5047def717b2ac
Dridex
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
4b1f2c18b149fd0e878c362ffba50bb553d7bea93a795b33e398d032dc0b7663
Dridex
6982aa6e1abd9b560f201ecb623c034d0c01e9a636cd7d29fe687968e4fb61c3
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
Dridex
e20dadb65651d81743aae5451f4f63d6fd7a7da48d4bf71af247a033ac46ee11
Dridex
e709f2ea257608c15b38293625cbe56694b1a8bc154fc0711f10bbc6b5895686
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
+ 166 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201126-mrd8rz1nds/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
194.225.58.216:443
178.254.40.132:691
216.172.165.70:3889
198.57.200.100:3786
Unpacked files
SH256 hash:
12584204bd7ba0320ad7a299a1a42079409581849a39ad4b0be60313550a042f
MD5 hash:
4430f2762d113a1210c983d44febbba8
SHA1 hash:
d3a89baa6206e3f926ab3605576790260eecd90c
Link:
https://www.unpac.me/results/69b6ef0d-c1e7-4543-a472-233737efa02e/
SH256 hash:
8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33
MD5 hash:
455e8c40a659762249a13b5ef6cfb2cb
SHA1 hash:
818423b1fc4f4149e2bda0feb359c1605de1eb6c
Link:
https://www.unpac.me/results/69b6ef0d-c1e7-4543-a472-233737efa02e/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll 8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/853539/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/856237/
  
URLhaus
https://urlhaus.abuse.ch/url/853535/
  
URLhaus
https://urlhaus.abuse.ch/url/854404/
  
URLhaus
https://urlhaus.abuse.ch/url/853536/
  
URLhaus
https://urlhaus.abuse.ch/url/853534/
  
URLhaus
https://urlhaus.abuse.ch/url/853537/
  
URLhaus
https://urlhaus.abuse.ch/url/853538/
  
URLhaus
https://urlhaus.abuse.ch/url/853532/
Cape
Cape
https://www.capesandbox.com/analysis/105736/

Comments