MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91dbd86b6e7d2eac22b3cf30852457bcbd9dea6b5b10f489ecfd91a4d8fad7bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91dbd86b6e7d2eac22b3cf30852457bcbd9dea6b5b10f489ecfd91a4d8fad7bc
SHA3-384 hash: cfdcf388b94ba998a7503c773058e8fa3e325875e490fae4e3c0e0f0a45d70a646c747bea2de35dddb6d7a70714995b6
SHA1 hash: 28aa7ed1b8f417975c1b8bfdcc7eb880d4749f77
MD5 hash: ffd5a74a641dc2495e02da213d6976b1
humanhash: item-ceiling-nebraska-july
File name:ffd5a74a_by_Libranalysis
Download: download sample
Signature Dridex
Create hunting rule
File size:165'376 bytes
First seen:2021-05-05 17:02:47 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash fe65a1f7486a2b7fbd4091fc108e3b31 (574 x Dridex, 1 x Gozi)
ssdeep 3072:3k45bscWrhftr4SOX63M5jY17lh9sDVj9a/KBz9YlYU:04KcMhVkbK3hDq9E8i
Threatray 33 similar samples on MalwareBazaar
TLSH C3F3C085DBABE87FC45A35399071DFFB5B388B145240C870EB6969EFCA07B110856C83
Reporter Libranalysis
Tags:Dridex


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.EncPk-APX.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/91dbd86b6e7d2eac22b3cf30852457bcbd9dea6b5b10f489ecfd91a4d8fad7bc/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-05-05 17:03:22 UTC
AV detection:
12 of 44 (27.27%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
665da24ec510b6c981f13caa585b8b55c20b4448b6a56f3faed6fb5ff3128862
Dridex
76af3c4ddae1bb5c3401f18f79f29b295ee671401b224095dd82db5bb7a0199c
Dridex
7fc785b09122d5aa45cb403b468f7ee3d5bb8904e1f8da25a95053384eb606ba
Dridex
8789f7d53922182436d7fba64e567a00a7996fd38ec1c2113f4e99f48d159432
Dridex
9c8e4d921fe58d8c5891e4e798491323c38ef50e1abb2d402c14cf3e3e73ef0c
Dridex
b1c932b82e70544a381a0a0ffe1116a71a0dbc1c2b3e5afd63d7ddd0507489ca
Dridex
c2feca835d3ef43bf5f97c6b32b59e63c39cc169fad1fb88174894b74708ff05
Dridex
c369a4aca81eae4b0a4026485360cdbd6a88cdafe414726802d5b6a622294e73
Dridex
f2f107d65d74ee1978c27a650fba33b690768d7090ed7177b0e44e7349d4a31a
Dridex
fa4597b75c708c94cb5828dfd5883a7e1bb9a5b94e978aca1f77471f99c2a3e1
Dridex
+ 23 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:22201 botnet loader
Link:
https://tria.ge/reports/210505-fxpwqhz442/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
45.55.134.126:443
67.207.83.96:8172
193.160.214.95:4125
Unpacked files
SH256 hash:
91dbd86b6e7d2eac22b3cf30852457bcbd9dea6b5b10f489ecfd91a4d8fad7bc
MD5 hash:
ffd5a74a641dc2495e02da213d6976b1
SHA1 hash:
28aa7ed1b8f417975c1b8bfdcc7eb880d4749f77
Link:
https://www.unpac.me/results/a5344111-d732-4a89-93c7-df5900f3afc7/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-05 18:23:45 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
1) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
2) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence