MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 7

SHA256 hash: 9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2
SHA3-384 hash: c1872ba2237808be50ad62ee87d49d885b796715e34b96dcd8102dfa197caf2cebf96c6e6b6dc6d8f386dfb55440bf68
SHA1 hash: d32d251beb1b8dbfb140d837313be8c68ab84272
MD5 hash: bf83cf5deaf75bf03f29eb138a85c626
humanhash: london-idaho-cold-bluebird
File name: bf83cf5deaf75bf03f29eb138a85c626.dll
Signature: Dridex
File size: 163'840 bytes
First seen: 2020-12-08 07:12:14 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 842840b4a5fa1ec7b68830dd7f3c6f0f (3 x Dridex)
ssdeep: 3072:lyJBV7TXFiHn6LhN4UMELprgwwYdmpyPWNwOIU/x34dECL5Ff:lMBVvXdf9gww+mgK/jxbO
Threatray: 12 similar samples on MalwareBazaar
TLSH: A6F3D082E3CDA7ADF98222B7B355D23B59E2BD08C02BE43CF64A3ADB5535120F454E45
Reporter: abuse_ch
Tags: dll Dridex

Intelligence

File Origin
# of uploads: 1
# of downloads: 153
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 23 / 100
Signature: Machine Learning detection for sample
Behaviour
Behavior Graph: ID 327918; sample 7VyZIrBfh9.dll; start date 08/12/2020; architecture WINDOWS; score 23. Nodes: g.msn.com (DNS/IP), "Machine Learning detection for sample" (signature), loaddll32.exe (process, started), WerFault.exe (process, started twice).

Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-12-08 07:31:03 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader
Behaviour:
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
169.255.216.36:443
87.106.89.36:3389
27.254.174.84:4443
92.94.251.127:3786
Unpacked files

SHA256 hash: 682c49b7bbda8d39e65c9b957f2618afb0766f14352b9618f74e406465a772c6
MD5 hash: 81543621bf4275af600eef64efc69150
SHA1 hash: f95f2bfd1abbeb007fcb32b30c94ca1b094b4022

SHA256 hash: 43762ec66d49d22047f6e1f8aa990105ddec0d84d73934977ba0d439094f8e3b
MD5 hash: d2c12689b161957236f416615a8aa85d
SHA1 hash: 2577ac72b1bbc52294a5a47f11fc9d4cb21111ee
Detections: win_dridex_auto

SHA256 hash: 9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2
MD5 hash: bf83cf5deaf75bf03f29eb138a85c626
SHA1 hash: d32d251beb1b8dbfb140d837313be8c68ab84272
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL dll
SHA256 hash: 9290d818ef8373a1ba99a14b5982552648ea54fc9ed468019a1ab2a4f833e6a2 (this sample)

Delivery method
Distributed via web download