MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9dd7c421939c2618ca5fa163cf9688a64954f23252d67655bae0005f495f45e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 9dd7c421939c2618ca5fa163cf9688a64954f23252d67655bae0005f495f45e8
SHA3-384 hash: 864d0e09d367a552754d2ef45fefaec52659b415872a3139cd07cd35384d571fb495048f91960dc6a594daa9032ed3d8
SHA1 hash: 82f7cc277d3f93c7ab3562c2680cd8209a92b066
MD5 hash: d64f1c40355d8ac1003fcf152ef21779
humanhash: north-cardinal-lion-sad
File name: mat-debug-4708
Signature: Dridex
File size: 314'368 bytes
First seen: 2020-06-29 12:38:36 UTC
Last seen: 2020-06-29 16:30:20 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 42c1c47ebfea727d68b2c58f3200c802 (3 x Dridex)
ssdeep: 6144:kSWHIuBFFVpvhnJ8Q49Zh4TbXamNk03aH37fJ:6ZFbpvhOQKhqrt5GLfJ
Threatray: 685 similar samples on MalwareBazaar
TLSH: F664D15236D0D4B5D4A746B18E64E1BA86E9FD61EE308C4337CC5F8F6A21DD0C23AB52
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence


File Origin
# of uploads: 3
# of downloads: 97
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-06-29 12:40:08 UTC
File Type: PE (Dll)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: evasion trojan discovery

Behaviour
Suspicious use of WriteProcessMemory
Checks whether UAC is enabled
Checks for installed software on the system
Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
