MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a50ac006054905d1f7fb342ba9053b5cecd381b67c54c9cab365f9b4eca2ee1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a50ac006054905d1f7fb342ba9053b5cecd381b67c54c9cab365f9b4eca2ee1b
SHA3-384 hash: 1771176b8940d0a636a53a9e0389256282a402a0dfd8176debe35b0c2b798d09cc0956c50fed0a81fb51b2192b051a4e
SHA1 hash: 0e8bc4246127bbacc47350b1623e06d83ac5379b
MD5 hash: 6a9ff6948c0e80d2950fc99a47521d4d
humanhash: washington-table-cat-cardinal
File name:xeaicu0up.jpg.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:482'136 bytes
First seen:2020-10-26 13:54:37 UTC
Last seen:2020-10-27 06:26:13 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 27d6919eb81354086558706eac67626b (1 x Dridex)
ssdeep 12288:BnB7XOyfxyhntvHyBCtAnHV1BzJ/4awII:BnB+OxyfQu4H/4aLI
Threatray 31 similar samples on MalwareBazaar
TLSH 8DA42663A9C38F14C57E00F7C5FDAAB8173196380D9C4F1DB75E4876FA634892A8426E
Reporter James_inthe_box
Tags:dll Dridex

Code Signing Certificate

Organisation:QDYHPWOZUORWBIWTPZ
Issuer:QDYHPWOZUORWBIWTPZ
Algorithm:sha1WithRSA
Valid from:Oct 26 09:17:07 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -30CE91CC741B9064BC31BC27EEB0BE0B
Thumbprint Algorithm:SHA256
Thumbprint: EFE1D947AA1A090E16D61F02E7821268FF6A3772DB9721D657B7048BC8D741A5
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/79092/
Detection(s):
SecuriteInfo.com.Artemis6A9FF6948C0E.19891.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/511887
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a50ac006054905d1f7fb342ba9053b5cecd381b67c54c9cab365f9b4eca2ee1b/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 13:54:09 UTC
File Type:
PE (Dll)
Extracted files:
22
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
51acefd32d0606f3059320b05197fe99f121a22dec166964ae6f447854f5c82c
Dridex
5d844206e982fdaffa520c57c847635102ddf72d893fe896d42581c41c2cfb91
Dridex
6b34671b04872cfde098c319f20693021a43ddb8b00f989669778e745e5232a4
Dridex
7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
Dridex
857b5c1209e2bec7dda0c80b92123f4ceb15f8c560f23551804e4bd09b94e901
Dridex
9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383
Dridex
adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b
Dridex
b2a09b4f89680c9980ecbfcc4fdd0256f1d615e46660d1529ad95c6efe77b31a
Dridex
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
Dridex
ffa2348834cf46c2df5b305156592ca582eaf701a7833c9c339b215ac5b9db65
Dridex
+ 21 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
botnet loader discovery family:dridex evasion trojan
Link:
https://tria.ge/reports/201026-hvs3lbk7ej/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
85.207.13.169:443
74.207.242.13:1688
176.58.101.200:49160
164.132.75.129:3388
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexLoader
Create hunting rule
Author:kevoreilly
Description:Dridex v4 dropper C2 parsing function
Rule name:win_dridex_loader_v2
Create hunting rule
Author:Johannes Bader @viql
Description:detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/79092/
  
URLhaus
https://urlhaus.abuse.ch/url/751771/
  
URLhaus
https://urlhaus.abuse.ch/url/751843/
  
URLhaus
https://urlhaus.abuse.ch/url/751858/
  
URLhaus
https://urlhaus.abuse.ch/url/751857/
  
URLhaus
https://urlhaus.abuse.ch/url/751859/
  
URLhaus
https://urlhaus.abuse.ch/url/751860/
  
URLhaus
https://urlhaus.abuse.ch/url/751863/
  
URLhaus
https://urlhaus.abuse.ch/url/751862/
  
URLhaus
https://urlhaus.abuse.ch/url/751864/
  
URLhaus
https://urlhaus.abuse.ch/url/751865/

Comments