MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa4d510f35a686b54ce2a26ae399ef7e9dccc1846b561fd741cf2469b6a77fb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa4d510f35a686b54ce2a26ae399ef7e9dccc1846b561fd741cf2469b6a77fb4
SHA3-384 hash: bdea876a7662f0f349e46c7930cd942c88d6825bf9c20077adc431cc416a5774d48bb35da9a10d1534d51783baaa4cfd
SHA1 hash: 480f303c0cdb62c8c03b37fc5bbb26cdf0d0fbea
MD5 hash: 9c5909ac991f26807ed0d5d64634f150
humanhash: bluebird-mississippi-triple-bluebird
File name:WMhYsrvAW.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:311'808 bytes
First seen:2020-03-26 14:26:17 UTC
Last seen:2020-03-26 20:58:03 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 1adf57b5ccfbd8c55f72b2519e3cc922 (1 x Dridex)
ssdeep 6144:X9b7mHaJ8PZaYv/T3Af7uwS4gUp3niaO09FROG+XN:JmHaJ8PVvb3Af7uwv9diaOMAXN
Threatray 274 similar samples on MalwareBazaar
TLSH BD64BF16BDA5C062E46AAC798502E7F8CC3DBC1C5F32999BB3C42E2FE970900DAD4557
Reporter James_inthe_box
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 14:26:01 UTC
File Type:
PE (Dll)
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vjgvcdzvu2dlkthcujvohgppp2o4zqmennlb7v2bz4sgtnvhp62a._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
0b02474d4fc4a2d7d4b43562c4b8532e9880941610be7a955ce740fd6f959ac9
Dridex
33f58c125b2149fd2d4ab64d7014ba25b423bd8f190b0aac13e0de8c88049684
Dridex
3d0f043627dea5de72eae3fd54dd228dcc4320e8802200dbf21bcbe1cce0bf4a
Dridex
41a3586da1ade6096a5d254c93d071ed5bdd702ddbff61b5db3473495de412e6
Dridex
6067b4d4febf1c025385eab5f40934d1ffe00e3ce2d6f5bb8f6481689d48ae72
Dridex
78839fce69215d10637ea20a38b1108b8e69719e8ac53b79b0f34d30d6b340a0
Dridex
809dd9df68daf8e93c2b15309aad4401aa1c7a30f727caa5cc7b2cc46aca8664
Dridex
962f378f2e541433349acb928affd380f6d4960443ab39588115f920f43c71c6
Dridex
d3d026f833f38db4e9c43dd3b7371c3826e39d16ed6c0dfd69301584c6ac4783
Dridex
ec9f6a70899278d8eecd7c501971b8381b9ef9affae659521f1e5009be15abc7
Dridex
+ 264 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
KERNEL32.dll::GetTempPathA
VERSION.dll::GetFileVersionInfoSizeA
VERSION.dll::GetFileVersionInfoA

Comments