MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9
SHA3-384 hash: 851c8dfbd66fbd81107d4169e0076a8f7a3cede4c904e9b3e2562feaa4af1b213eb8ac20dd9b81abd4dde54781072451
SHA1 hash: 78c1151edf11a33905b216a025c217e2a48fbdbf
MD5 hash: a04edc0abd030bd47d9d726e600562ea
humanhash: alabama-oxygen-timing-may
File name:a04edc0abd030bd47d9d726e600562ea.exe
Download: download sample
Signature Dridex
Create hunting rule
File size:1'046'016 bytes
First seen:2021-07-10 06:08:48 UTC
Last seen:2021-07-10 06:49:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 33b47be4bc0105fb9c542fd6ed2745fa (1 x Dridex)
ssdeep 6144:7WAIsOLTEcDpn9IkQFqgrHojg6aH+LkCdGLFDPMTJYhr64Fgw:bIsOnNp1V8ojg3IzYLFPMdV4Fgw
Threatray 876 similar samples on MalwareBazaar
TLSH T12525013ABF9CDEA5C6264CF3B39BA1BF61258130164E64EB9758E810CD2F1C5CE13586
Reporter abuse_ch
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a04edc0abd030bd47d9d726e600562ea.exe
Verdict:
Malicious activity
Analysis date:
2021-07-10 06:09:43 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/10c95602-8760-493c-8477-1522c7000b8e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/170767/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37210180.8670.9921.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d43ec7c8-3890-4572-9213-5507cd3f689a
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/814281
Signature
C2 URLs / IPs found in malware configuration
Detected Dridex e-Banking trojan
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9/
Threat name:
Win32.Trojan.Qshell
Create hunting rule
Status:
Malicious
First seen:
2021-07-08 18:34:00 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tzyvni7ohwde5isnvjo3tsilzfif4a2o2ro2xaivjeh5ubobcpmq._file
Verdict:
malicious
Label(s):
emotet
Create hunting rule
dridex
Create hunting rule
Similar samples:
1ec5aeccf89c5d7a378e443e742e37f05a2aa7cb71150ee0ca4876c6b37d7b4d
Dridex
48afec636886aebdf7f0be7d5b9c034f2568b890215a15f13554933d94322045
Dridex
49b57d024424267e79102b40cacbdb69c6e92ec41d5443d069da06e4eb083921
Dridex
5915848dc0c0e2e649fdc29ed1d3270ec15b78493e9ca9debf5e85a090e533b6
Dridex
71b928fd0b29e21bbfa4755b5347f4dc40653a82ec7ecf4947e325dbec23abaa
Dridex
bc06c918fab5afbb61d15611dedadbc9012cf9e4979e9d3f261a9046c306bb87
Dridex
c848b9f81ec7dcc330cc57ede3482805ccad25143eac801f7f56fc5cc0ccace5
Dridex
d33a4d3ac76095145e6061009fc20432b5c2c6ec4a828c7b6956ea5f072f2c34
Dridex
eb639e9d45ed4d4cf911195b7ef53d61897dd8f826c542ae411854ddec3aea87
Dridex
f87ed79fbb1a2228c97fb59127eade39c4f8218fa28ddd76b50da177d81438e3
Dridex
+ 866 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10111 botnet discovery evasion trojan
Link:
https://tria.ge/reports/210710-12w1p7raxs/
Behaviour
Checks installed software on the system
Checks whether UAC is enabled
Dridex
Malware Config
C2 Extraction:
43.229.206.214:4664
37.59.103.148:4664
79.143.186.143:5007
Unpacked files
SH256 hash:
d57eee88478272f9b079149ed3ad3d47e1b269e0ad2bd21eb13037552e5db6ca
MD5 hash:
bf0247718c1b047ea78f889cc7a32507
SHA1 hash:
08e0f389758913d13d2eed5b4e9f40063a879b2f
Link:
https://www.unpac.me/results/1115f2ab-c38e-41e8-98c6-45a712aa9042/
SH256 hash:
9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9
MD5 hash:
a04edc0abd030bd47d9d726e600562ea
SHA1 hash:
78c1151edf11a33905b216a025c217e2a48fbdbf
Link:
https://www.unpac.me/results/1115f2ab-c38e-41e8-98c6-45a712aa9042/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9e7156a3ee3d864ea24daa5db9c90bc9505e034ed45dab8115490fda05c113d9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexLoader
Create hunting rule
Author:kevoreilly
Description:Dridex v4 dropper C2 parsing function
Rule name:win_dridex_loader_v2
Create hunting rule
Author:Johannes Bader @viql
Description:detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/170767/

Comments