MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab
SHA3-384 hash: d0c5eba08978d8a09b5eb92e30b2c4c1e8d1aab4bb616418e7335133fb55f95e7cea96128f3c8dd5ebe42125aeef3254
SHA1 hash: 736409922d2e3569bff2599faee9f4a8dbdc71a1
MD5 hash: b04e69a4c8f6c27870965047540a2f2f
humanhash: seven-gee-connecticut-nuts
File name:b04e69a4c8f6c27870965047540a2f2f.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:167'936 bytes
First seen:2021-01-20 14:14:39 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash aaf3f8a7e0fdc202353c68c4c54c5a75 (22 x Dridex)
ssdeep 3072:O1V+vpDx7DUQrMrXxomqF0uMfbaqPR7sOdBvFBnBXit/ba82MnJI:OMXDUQrOqFXMzaqNs8vATa82M
Threatray 177 similar samples on MalwareBazaar
TLSH 47F3E11361C6EB7CDB2204B25CEE138DD1348D10CE797B1DA66D709AA7FAFD10A89352
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
141
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/113097/
Detection(s):
Win.Packed.Generic-9810928-0
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.Drixed.cc.28259.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/586209
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 342140 Sample: avjajVpilg.dll Startdate: 20/01/2021 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 Machine Learning detection for sample 2->17 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        11 WerFault.exe 3 9 6->11         started        dnsIp5 13 192.168.2.1 unknown unknown 8->13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab/
Threat name:
Win32.Trojan.Drixed
Create hunting rule
Status:
Malicious
First seen:
2021-01-20 14:15:08 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vqhcuy5hih7dchiteehygdljsww6pbsswzyfiigryobm3cucl2vq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
emotet
Create hunting rule
Similar samples:
0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b
Dridex
2542d8801568e29aef85b91ee8ea89ce20bfbbb46954941745c88f68d6c9eb20
Dridex
2cb94e38a1930e97de56e8a310155f8b98f4effa7ffd5e3553bec6f5f9539fb2
Dridex
98f223299305b1c6994bd7ec18fbc0fc09260fc8bd542d02686e715769ed1fae
Dridex
9c29b1e8d9212da8dd9ed375d5722ceabf65c13fab3c12c9c258530b38630628
Dridex
a81a824a4030808e0998064a90a4905fa87808e46f75c0c8d38a8f771a0d3288
Dridex
a8289357cdb5e5a75f6d8e6fea9e74863f16e51c913123bd7cc442e818f258b6
Dridex
b1c5f8455b82ed52709846267e516590c9e97019fe406691eb5b100e45e3bd78
Dridex
db05b73f6963ec3d5bbaebbde3545dd801b79a54a41d583146a556b0f4505515
Dridex
eac020aa33b9585b92e202a58b1924b1b628a7cad2d39236b423110c221fa481
Dridex
+ 167 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/210120-rzmmhbrwha/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
172.86.186.22:3889
46.105.131.78:14431
103.244.206.74:33443
139.162.53.147:4443
Unpacked files
SH256 hash:
b087ecd864078c49e02d43814d841d6c067ba741341483d9c58cba949fa8a57b
MD5 hash:
c596bcc0b81290429e95e80bc3d1163c
SHA1 hash:
50fd69c49784f20742ec9a983c6888a7259d8834
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/bd211869-f656-4f2b-9cac-823660923d45/
Parent samples :
b40a11dcea513d7f8119735975a133c896592a804f003074e735015e35f43468
0f1016beea87c7d751aff9f5ed596b452fdbd3bd9fb5405b76fa62014d89d54b
2542d8801568e29aef85b91ee8ea89ce20bfbbb46954941745c88f68d6c9eb20
09d4beff6b8ac12cc58777c675984ee929a260431741612048ac25f4341b753e
0263af7724d2ce102b22d81a54acece688022d99521b094068459f4bc4f6aca0
98f223299305b1c6994bd7ec18fbc0fc09260fc8bd542d02686e715769ed1fae
9c29b1e8d9212da8dd9ed375d5722ceabf65c13fab3c12c9c258530b38630628
db05b73f6963ec3d5bbaebbde3545dd801b79a54a41d583146a556b0f4505515
1670a34f9c0f49e6ba51de133293371ef77aa21442aaf4698eac0163ec68ff2e
94d02d97cf6989fbdb3010543f747751dc6ff9709c854323c7959a386bad43d3
2e8384b979521ab1a3ac17745f81d9a18fa084294d242d4a6918db4413e313c6
ed8e649fba97f6ef44c5ae7b5dc4c57d71aa28ea60063986f9edb9a0338d2748
1a13b0a4251771ac84bff5b2009e1fbd8eb2c8fdbd1299ba64299f40a2ad0e7d
a8289357cdb5e5a75f6d8e6fea9e74863f16e51c913123bd7cc442e818f258b6
b1c5f8455b82ed52709846267e516590c9e97019fe406691eb5b100e45e3bd78
a81a824a4030808e0998064a90a4905fa87808e46f75c0c8d38a8f771a0d3288
2cb94e38a1930e97de56e8a310155f8b98f4effa7ffd5e3553bec6f5f9539fb2
eac020aa33b9585b92e202a58b1924b1b628a7cad2d39236b423110c221fa481
ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab
88813cbb3272347ca08a88e9ce1064bfdaf317d564c8c22c377f18a6e6fa2618
84f85c52fe3defb96af28e575a590505991fcdb447a30825d9e4d3d6b1eaaf0f
0ca4f84f42c000128a1451ffafb83a1bc482fcb79dc5ff4a4b1263d7a9313391
SH256 hash:
d9def023eec42a5d71a89abadeae0cb227420fcfc64e8597ebcd5d8c368a6fc7
MD5 hash:
a96492ad39f4857d3716a3b76f099ee4
SHA1 hash:
9de1e8f6c2ac450c7dd4545afc3915a530d02ed1
Link:
https://www.unpac.me/results/bd211869-f656-4f2b-9cac-823660923d45/
SH256 hash:
ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab
MD5 hash:
b04e69a4c8f6c27870965047540a2f2f
SHA1 hash:
736409922d2e3569bff2599faee9f4a8dbdc71a1
Link:
https://www.unpac.me/results/bd211869-f656-4f2b-9cac-823660923d45/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dridex
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_dridex_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll ac0e2a63a741fe311d13210f830d6995ade78652b6705420d1c382cd8a825eab

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/113097/
  
URLhaus
https://urlhaus.abuse.ch/url/924780/
  
Delivery method
Distributed via web download

Comments