MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da
SHA3-384 hash: ef3dcd084f16783f090fa1763b9cc06c6637a8e5ffa2c68bc0a4f6c20d5b50c3357d4e268b3cd6928d4e262926c6f588
SHA1 hash: b47f3b5529277cf2645ed56e8d1b832c9a065969
MD5 hash: 86cdc85c3d58de12bf6e8783d044a105
humanhash: ten-speaker-princess-april
File name:86cdc85c3d58de12bf6e8783d044a105.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:464'384 bytes
First seen:2020-12-22 08:29:32 UTC
Last seen:2021-02-01 17:13:23 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash bc603be4735bd4c3889a300a03160591 (2 x Dridex)
ssdeep 6144:NoDXt02LN4DpFJZ2aCfTphY+2ou9ZryjYC0ro:CXtnLNuFJZ0nVwysb
Threatray 225 similar samples on MalwareBazaar
TLSH CBA4731333E9090AF1FAFB3A69F105604A3B78796C78D58E025E11997FF3A418A70767
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
4
# of downloads :
277
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/108681/
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.15591.5828.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/568005
Signature
Detected Dridex e-Banking trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da/
Threat name:
Win32.Trojan.Qshell
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 08:30:08 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
005e9151ee4b6399cd27d282bd53104ef59bd89fd3fb65c05cd959992f770afa
Dridex
01020b0e9a19a67c53ceb2a3da055470fe1fd49b103ebecd4e3ca41639ae147e
Dridex
145eb99b77d47b9704dee5ae636adb920529135cedcc94f5d4219dc70e81d469
Dridex
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
4b1f2c18b149fd0e878c362ffba50bb553d7bea93a795b33e398d032dc0b7663
Dridex
9e7b660bda0c8106ff7345d4bae214da27f542f7f81fa1df61ce82cc6a6825cc
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
f4c15b1eee06d45fa6115ddcfeb24bdacf54570352e0cb713e1c5895089dae1d
Dridex
fa2c2ec137b588edf286ad4f4b35f509256499debeb854a20c89e5c80da41b72
Dridex
+ 215 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201222-cdxketd7q6/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
195.231.69.151:3889
62.138.14.216:3074
46.4.83.131:3389
198.211.118.187:3388
Unpacked files
SH256 hash:
a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da
MD5 hash:
86cdc85c3d58de12bf6e8783d044a105
SHA1 hash:
b47f3b5529277cf2645ed56e8d1b832c9a065969
Link:
https://www.unpac.me/results/901d7846-d878-49d9-81a2-ee48ef764175/
SH256 hash:
53125fc69d533a96981a805789b8bffbc6df49fa0d75eb6119f70cae2d264ab2
MD5 hash:
5a269f0d3e24b7b9b89df4b53135f2c0
SHA1 hash:
7aaa03841fbb27abe4d0c9ef3f09876a34a6199c
Link:
https://www.unpac.me/results/901d7846-d878-49d9-81a2-ee48ef764175/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll a129f0d21e80d53b7de86f2b6cdc8434f75a4fb98eb87aa43753cb5bbdf561da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/935619/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/935597/
  
URLhaus
https://urlhaus.abuse.ch/url/935617/
  
URLhaus
https://urlhaus.abuse.ch/url/935621/
  
URLhaus
https://urlhaus.abuse.ch/url/935585/
  
URLhaus
https://urlhaus.abuse.ch/url/935583/
  
URLhaus
https://urlhaus.abuse.ch/url/935598/
  
URLhaus
https://urlhaus.abuse.ch/url/935661/
  
URLhaus
https://urlhaus.abuse.ch/url/935582/
  
URLhaus
https://urlhaus.abuse.ch/url/935663/
  
URLhaus
https://urlhaus.abuse.ch/url/935596/
  
URLhaus
https://urlhaus.abuse.ch/url/935658/
  
URLhaus
https://urlhaus.abuse.ch/url/935618/
  
URLhaus
https://urlhaus.abuse.ch/url/935622/
  
URLhaus
https://urlhaus.abuse.ch/url/935620/
  
URLhaus
https://urlhaus.abuse.ch/url/935595/
  
URLhaus
https://urlhaus.abuse.ch/url/935627/
  
URLhaus
https://urlhaus.abuse.ch/url/935626/
  
URLhaus
https://urlhaus.abuse.ch/url/935603/
  
URLhaus
https://urlhaus.abuse.ch/url/935604/
  
URLhaus
https://urlhaus.abuse.ch/url/935592/
  
URLhaus
https://urlhaus.abuse.ch/url/935586/
  
URLhaus
https://urlhaus.abuse.ch/url/935512/
  
URLhaus
https://urlhaus.abuse.ch/url/935610/
  
URLhaus
https://urlhaus.abuse.ch/url/935662/
  
URLhaus
https://urlhaus.abuse.ch/url/935614/
  
URLhaus
https://urlhaus.abuse.ch/url/935623/
  
URLhaus
https://urlhaus.abuse.ch/url/935625/
  
URLhaus
https://urlhaus.abuse.ch/url/935589/
  
URLhaus
https://urlhaus.abuse.ch/url/935581/
  
URLhaus
https://urlhaus.abuse.ch/url/935602/
  
URLhaus
https://urlhaus.abuse.ch/url/935606/
  
URLhaus
https://urlhaus.abuse.ch/url/935588/
  
URLhaus
https://urlhaus.abuse.ch/url/935584/
  
URLhaus
https://urlhaus.abuse.ch/url/935590/
  
URLhaus
https://urlhaus.abuse.ch/url/935608/
  
URLhaus
https://urlhaus.abuse.ch/url/935613/
  
URLhaus
https://urlhaus.abuse.ch/url/935594/
  
URLhaus
https://urlhaus.abuse.ch/url/935657/
  
URLhaus
https://urlhaus.abuse.ch/url/935656/
  
URLhaus
https://urlhaus.abuse.ch/url/935659/
  
URLhaus
https://urlhaus.abuse.ch/url/935660/
  
URLhaus
https://urlhaus.abuse.ch/url/935591/
  
URLhaus
https://urlhaus.abuse.ch/url/935609/
  
URLhaus
https://urlhaus.abuse.ch/url/935578/
Cape
Cape
https://www.capesandbox.com/analysis/108681/
  
URLhaus
https://urlhaus.abuse.ch/url/938595/
  
URLhaus
https://urlhaus.abuse.ch/url/938597/
  
URLhaus
https://urlhaus.abuse.ch/url/938591/
  
URLhaus
https://urlhaus.abuse.ch/url/938592/
  
URLhaus
https://urlhaus.abuse.ch/url/938596/
  
URLhaus
https://urlhaus.abuse.ch/url/938594/
  
URLhaus
https://urlhaus.abuse.ch/url/938593/
  
URLhaus
https://urlhaus.abuse.ch/url/938598/
  
URLhaus
https://urlhaus.abuse.ch/url/938601/
  
URLhaus
https://urlhaus.abuse.ch/url/938603/
  
URLhaus
https://urlhaus.abuse.ch/url/938607/
  
URLhaus
https://urlhaus.abuse.ch/url/938604/
  
URLhaus
https://urlhaus.abuse.ch/url/938605/
  
URLhaus
https://urlhaus.abuse.ch/url/938606/
  
URLhaus
https://urlhaus.abuse.ch/url/938609/
  
URLhaus
https://urlhaus.abuse.ch/url/938610/
  
URLhaus
https://urlhaus.abuse.ch/url/938611/
  
URLhaus
https://urlhaus.abuse.ch/url/938613/
  
URLhaus
https://urlhaus.abuse.ch/url/938615/
  
URLhaus
https://urlhaus.abuse.ch/url/938617/
  
URLhaus
https://urlhaus.abuse.ch/url/938616/
  
URLhaus
https://urlhaus.abuse.ch/url/938618/
  
URLhaus
https://urlhaus.abuse.ch/url/938625/
  
URLhaus
https://urlhaus.abuse.ch/url/938620/
  
URLhaus
https://urlhaus.abuse.ch/url/938624/
  
URLhaus
https://urlhaus.abuse.ch/url/938621/
  
URLhaus
https://urlhaus.abuse.ch/url/938626/
  
URLhaus
https://urlhaus.abuse.ch/url/938627/
  
URLhaus
https://urlhaus.abuse.ch/url/938628/
  
URLhaus
https://urlhaus.abuse.ch/url/938629/
  
URLhaus
https://urlhaus.abuse.ch/url/938630/
  
URLhaus
https://urlhaus.abuse.ch/url/938631/
  
URLhaus
https://urlhaus.abuse.ch/url/938632/
  
URLhaus
https://urlhaus.abuse.ch/url/938633/
  
URLhaus
https://urlhaus.abuse.ch/url/938635/
  
URLhaus
https://urlhaus.abuse.ch/url/938634/
  
URLhaus
https://urlhaus.abuse.ch/url/938637/
  
URLhaus
https://urlhaus.abuse.ch/url/938639/
  
URLhaus
https://urlhaus.abuse.ch/url/938638/
  
URLhaus
https://urlhaus.abuse.ch/url/938640/
  
URLhaus
https://urlhaus.abuse.ch/url/938641/
  
URLhaus
https://urlhaus.abuse.ch/url/938642/
  
URLhaus
https://urlhaus.abuse.ch/url/938643/
  
URLhaus
https://urlhaus.abuse.ch/url/938645/
  
URLhaus
https://urlhaus.abuse.ch/url/938646/
  
URLhaus
https://urlhaus.abuse.ch/url/938647/
  
URLhaus
https://urlhaus.abuse.ch/url/938648/
  
URLhaus
https://urlhaus.abuse.ch/url/938651/
  
URLhaus
https://urlhaus.abuse.ch/url/938652/
  
URLhaus
https://urlhaus.abuse.ch/url/938653/
  
URLhaus
https://urlhaus.abuse.ch/url/938656/
  
URLhaus
https://urlhaus.abuse.ch/url/938657/
  
URLhaus
https://urlhaus.abuse.ch/url/938658/
  
URLhaus
https://urlhaus.abuse.ch/url/938659/
  
URLhaus
https://urlhaus.abuse.ch/url/938660/
  
URLhaus
https://urlhaus.abuse.ch/url/935535/
  
URLhaus
https://urlhaus.abuse.ch/url/935600/

Comments