MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89
SHA3-384 hash: 50deb29578e9b397e0abd8fceec82feb93ab9294b15417f0657b28059cddf1cd67b0dd22af08fff58351b1a5cdb6924f
SHA1 hash: fb551a1f927e6b86fb2e8281d4f09a753e5a7f5b
MD5 hash: 2a52d4cc48659ad06386e6f1ddb17613
humanhash: carpet-lithium-lactose-yankee
File name:ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89
Download: download sample
Signature Dridex
Create hunting rule
File size:1'417'216 bytes
First seen:2022-03-23 08:05:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4a2e61e1749a0183eccaadb9c4ef6ec2 (40 x Dridex)
ssdeep 12288:qZgJtlQepQn+NDo7nIYegQCLDF/B9wvj/cLvVZFuw:qZK6F7n5eRmDFJivohZFV
Threatray 2'676 similar samples on MalwareBazaar
TLSH T1B665E102FF9963E6E9501DFA95F0F2A3C9F4F6854C680229DB65505F9CA0ACEBC110ED
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
659
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/255448/
Detection(s):
Win.Packed.Dridex-9916859-0
Create hunting rule

Win.Packed.Dridex-9916872-0
Create hunting rule

SecuriteInfo.com.Trojan.Siggen15.41927.11983.13514.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Changing a file
Creating a file
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Searching for synchronization primitives
Setting browser functions hooks
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Enabling autorun by creating a file
Forced shutdown of a browser
Unauthorized injection to a browser process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/623ad504dfdfa8501cd21073/reports/800a9322-97ba-484c-9999-4ca25332d21c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/962753
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89/
Threat name:
Win64.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2022-03-13 20:41:00 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
37 of 42 (88.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
1b2019f1d24663127228ee1105d64744d16a3f44a25748788153aa6722ea96ff
Dridex
2e3345d45293cd602f027f8a9c0ffbe4435aca82efff9d09318e38af7b4aff0f
Dridex
33bdea2774f3d73d2ff73cd7ccd668c57e757b35af7e0c341023e6a383b19254
Dridex
5ab7f5960a2652821f3477d035336e8af6c7e2b667e57149b4be94a6fac10e19
Dridex
6b52c3cdedbe90056bc1059f944e484e5afbd88a4665ed54e8d6ad94346785f4
Dridex
6b7cc564c60d170fe5ff87708d0decca3620855d4562d89dd19025a6c5f46b29
Dridex
771f9311043b9eccbe4742224d199a161f374bbfcd0cd77cf7ced61b6bb4eeda
Dridex
cdcc3f2dd3e431f823c0401af294f897f0a837610642447b58c772d38a0fb805
Dridex
d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d
Dridex
dc04225d29393bc9ba12e513b25172c130e6bebeba91783024188be85ae08de8
Dridex
+ 2'666 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/220323-jzgkbsaae4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex
Unpacked files
SH256 hash:
ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89
MD5 hash:
2a52d4cc48659ad06386e6f1ddb17613
SHA1 hash:
fb551a1f927e6b86fb2e8281d4f09a753e5a7f5b
Link:
https://www.unpac.me/results/df8d4597-b904-48a5-b190-6f1165f75d6e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/ab8f6d64918b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ab8f6d64918bfde8d603af28047f91c3bdfd82df3d965391fc1b480542d64b89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/255448/

Comments