MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 5

SHA256 hash: 8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd
SHA3-384 hash: da9aef6661cc75339465f41f29762ef88f723f462762a09fbd8338082dd6c4d463de98573a8c6d3db09a224dd88d61a4
SHA1 hash: 586789de608e94f7df58d693a794e4cf8ed16d01
MD5 hash: af6bb7c9e0bc2da2228ed0f5891c27d9
humanhash: fanta-football-romeo-queen
File name: 81z0m.dll
Signature: Dridex
File size: 204'800 bytes
First seen: 2020-12-21 19:51:21 UTC
Last seen: 2020-12-21 21:39:37 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: ff4887da2f409d7cc45957b36b659281 (2 x Dridex)
ssdeep: 3072:74jjoaPs7Our2PG+z9axt25Oer1XNPVscXKIXtpKvOj0uYOx2Ju:WjoH2++zlxVX7+2bh
Threatray: 41 similar samples on MalwareBazaar
TLSH: 6E14BD02EFA72B00FC2706FF58DC45525C31BC228932E96AA5D3379A65FDA178F50369
Reporter: Anonymous
Tags: Dridex
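Before handling a downloaded copy of this sample, a practitioner checks that the bytes on disk really are the file the entry describes. The script below is an added example, not part of the MalwareBazaar page: it recomputes the four digests the entry lists (SHA256, SHA1, MD5, SHA3-384) with the Python standard library, reports which ones differ from the entry, and does a cheap `MZ` header check to match the stated file type. The input bytes are a constructed placeholder, not the real DLL, so every digest is expected to mismatch; `mismatches()` returns an empty set only when the file is the genuine sample.

```python
import hashlib

# Digest values copied from the MalwareBazaar entry for 81z0m.dll.
ENTRY_HASHES = {
    "sha256": "8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd",
    "sha1": "586789de608e94f7df58d693a794e4cf8ed16d01",
    "md5": "af6bb7c9e0bc2da2228ed0f5891c27d9",
    "sha3_384": "da9aef6661cc75339465f41f29762ef88f723f462762a09fbd8338082dd6c4d46"
                "3de98573a8c6d3db09a224dd88d61a4",
}


def hashes_of(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for every sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def mismatches(data: bytes, expected: dict = ENTRY_HASHES) -> set:
    """Names of the digests that differ from the entry; an empty set means verified."""
    actual = hashes_of(data)
    return {name for name, value in expected.items() if actual[name] != value.lower()}


def looks_like_pe(data: bytes) -> bool:
    """Sanity check that the bytes start with the DOS 'MZ' header the PE file type implies."""
    return data[:2] == b"MZ"


# Constructed stand-in for the sample (NOT the real DLL): an MZ header plus filler bytes.
CONSTRUCTED_SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed-placeholder-not-dridex"

if __name__ == "__main__":
    bad = mismatches(CONSTRUCTED_SAMPLE)
    print("PE header present:", looks_like_pe(CONSTRUCTED_SAMPLE))
    print("digests that differ from the entry:", sorted(bad) or "none")
```

MalwareBazaar serves samples inside a password-protected zip (password `infected`), so run the check on the extracted DLL, not the archive. The imphash, ssdeep and TLSH values need third-party libraries (`pefile`, `ssdeep`, `tlsh`) and are left out here; the four cryptographic digests are enough to confirm identity.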

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 264
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
- Sending a UDP request

Result
Verdict: UNKNOWN
Details:
- Windows PE Executable: found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 22 / 100
Signature:
- Machine Learning detection for sample
Behaviour (behavior graph ID 332921, sample 81z0m.dll, start date 21/12/2020, architecture WINDOWS, score 22):
- Machine Learning detection for sample
- loaddll32.exe was started to load the DLL and spawned WerFault.exe twice; WerFault.exe is the Windows Error Reporting crash handler, so the DLL faulted under this loader rather than running its payload.
- WerFault.exe contacted 192.168.2.1 (unknown). This is a private (RFC 1918) address inside the analysis environment, not a network indicator for the sample; the indicators are the C2 endpoints in the malware configuration listed under the last result below.

Result
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-21 19:52:06 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader
Behaviour:
- Suspicious use of WriteProcessMemory
- Dridex Loader
- Dridex
Malware Config, C2 Extraction:
- 51.75.24.85:443
- 213.202.229.72:3074
- 202.91.8.121:4643
- 195.231.69.151:3889
Unpacked files:
- SHA256 8d00cb0248e3933ec12d2e303c058d0dd83eea88fc9191c4ad6a9afaeeb092dd, MD5 af6bb7c9e0bc2da2228ed0f5891c27d9, SHA1 586789de608e94f7df58d693a794e4cf8ed16d01
- SHA256 1b2706df2394c16886a8ff52289aa4550fe51d17da91c7d99da8b066179cdfda, MD5 c43662638a3b1d244ac1b6b3db1fb41a, SHA1 91ed69ef8afe49d23fb83d58083d291188e4ca7c
- SHA256 5599afc1f78db4e3d974434487fb3af1527d9688b3e01d90433cc0d7104855c7, MD5 d7f65036d4c0e330a3a4c5306fdaf6dd, SHA1 0661d575eac702962097448e6e5f2e589ac020b3
Detections: win_dridex_auto

The vendor verdicts range from Clean to 10/10; the static and sandbox results that only saw a crashing DLL carry less weight than the result that unpacked the loader, matched the win_dridex_auto rule and extracted a C2 configuration.

Please note that we are no longer able to provide a coverage score for Virus Total.
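The extracted C2 list is the part of this entry most useful for detection. The script below is an added example and not code from MalwareBazaar: it parses the `ip:port` entries into a lookup table, discards anything that is not a public address (so sandbox-local noise such as 192.168.2.1 never becomes an indicator), and scans outbound connection log lines for destinations matching a C2 address. A hit on the right IP but a different port is still reported, with `port_match` set to False, since the operator would want to look at it anyway. The log lines and the `<ts> <src> -> <dst>:<dport> <proto>` format are constructed for the example.

```python
import ipaddress
import re

# C2 endpoints exactly as listed in the malware configuration extracted for this entry.
C2_EXTRACTION = [
    "51.75.24.85:443",
    "213.202.229.72:3074",
    "202.91.8.121:4643",
    "195.231.69.151:3889",
]


def parse_c2(entries):
    """Map 'ip:port' strings to {ip: port}, dropping private, loopback and link-local addresses."""
    c2 = {}
    for entry in entries:
        host, _, port = entry.rpartition(":")
        addr = ipaddress.ip_address(host)
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            continue  # e.g. 192.168.2.1 from the sandbox behavior graph is not an indicator
        c2[str(addr)] = int(port)
    return c2


# Constructed firewall log (not real traffic). Line 3 reuses a C2 address on a different port;
# line 4 is the sandbox-style private address; line 5 is an unrelated destination.
CONSTRUCTED_LOG = """\
2020-12-21T20:01:03Z 10.10.4.21 -> 51.75.24.85:443 tcp
2020-12-21T20:01:05Z 10.10.4.21 -> 213.202.229.72:3074 tcp
2020-12-21T20:01:06Z 10.10.4.21 -> 202.91.8.121:80 tcp
2020-12-21T20:01:07Z 10.10.4.21 -> 192.168.2.1:53 udp
2020-12-21T20:01:09Z 10.10.4.22 -> 203.0.113.7:443 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[0-9.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def find_c2_hits(log_text, c2):
    """Return one record per log line whose destination address is a known C2 endpoint."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m or m["dst"] not in c2:
            continue
        dport = int(m["dport"])
        hits.append({
            "line": lineno,
            "ts": m["ts"],
            "src": m["src"],
            "dst": m["dst"],
            "dport": dport,
            "port_match": dport == c2[m["dst"]],
        })
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(CONSTRUCTED_LOG, parse_c2(C2_EXTRACTION)):
        print(hit)
```

Three of the four C2 ports here (3074, 4643, 3889) are non-standard, which is why matching on the address alone and then reporting the port is more robust than keying on `ip:port` pairs: a second sample from the same botnet may reuse the host with a different port.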

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments