MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b
SHA3-384 hash:	baf911ea2bfe47a944cfbfec74e9c200b136b2968dea1c52ee7e609208f762fb3e1586c1f3ebeaf3e44be3d311839eba
SHA1 hash:	fb3f3e8c8a0b0077aaff175f7d777533ae88a22c
MD5 hash:	b251618e473b04ec4dd58d8bbf975c2a
humanhash:	pizza-princess-sixteen-alpha
File name:	b251618e473b04ec4dd58d8bbf975c2a.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	402'264 bytes
First seen:	2020-10-06 07:27:58 UTC
Last seen:	2020-10-06 11:05:44 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	f973b752dc5ac349369486fc7f90c6b1 (3 x Dridex, 1 x ZLoader)
ssdeep	12288:Sc9vDhUZiYWpcl80YMnv3YERntMwHpqXGDsa:nbYgceRTEFtMwJtDX
Threatray	14 similar samples on MalwareBazaar
TLSH	55846D02FBC00E63C7CB2276C45991774277DDA40795FA0BD6B9B964DAB03D63A3260B
Reporter	abuse_ch
Tags:	dll Dridex HMWOCFPSDLAFMFZIVD

Code Signing Certificate

Organisation:	HMWOCFPSDLAFMFZIVD
Issuer:	HMWOCFPSDLAFMFZIVD
Algorithm:	sha1WithRSA
Valid from:	Oct 5 07:35:37 2020 GMT
Valid to:	Dec 31 23:59:59 2039 GMT
Serial number:	-30538FA38197BA6FB06666ACDB08A9D4
Intelligence:	4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	20D3D5A7AC6CD02020DBA17A1D472AA06FC00D5DD077306F4064F632F1880EA3
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

3

# of downloads :

214

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68512/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/482521

Signature

A

b

c

d

e

f

i

l

M

n

o

r

S

t

u

V

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2020-10-06 07:29:06 UTC

File Type:

PE (Dll)

Extracted files:

35

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vx3nsgjckbpapocazxm7otjt23dyok6gknfjxzvspnoqgrymqnnq._file

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

botnet loader evasion trojan discovery family:dridex

Link:

https://tria.ge/reports/201006-435l1jqmc6/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blacklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

85.114.134.25:443
94.23.45.86:3889
145.239.169.34:4643
162.212.152.222:3389

Unpacked files

SH256 hash:

adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b

MD5 hash:

b251618e473b04ec4dd58d8bbf975c2a

SHA1 hash:

fb3f3e8c8a0b0077aaff175f7d777533ae88a22c

Link:

https://www.unpac.me/results/b1d893e5-e44a-46ed-a690-840f9399a0ff/

SH256 hash:

8aeb39c84dc66a8f6e3530ca2bf340b5ab5f2e737e4743f430a585d7ec5adea8

MD5 hash:

c70a4d1328b22abf6e62df629c18cbc9

SHA1 hash:

754fa26a0f754fa14b8ad3dc5c68411d0fd41325

Link:

https://www.unpac.me/results/b1d893e5-e44a-46ed-a690-840f9399a0ff/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/68512/

URLhaus

https://urlhaus.abuse.ch/url/658176/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/658172/

URLhaus

https://urlhaus.abuse.ch/url/658188/

URLhaus

https://urlhaus.abuse.ch/url/658171/

URLhaus

https://urlhaus.abuse.ch/url/658177/

URLhaus

https://urlhaus.abuse.ch/url/658180/

URLhaus

https://urlhaus.abuse.ch/url/658181/

URLhaus

https://urlhaus.abuse.ch/url/658183/

URLhaus

https://urlhaus.abuse.ch/url/658190/

URLhaus

https://urlhaus.abuse.ch/url/658165/

URLhaus

https://urlhaus.abuse.ch/url/658162/

URLhaus

https://urlhaus.abuse.ch/url/658164/

URLhaus

https://urlhaus.abuse.ch/url/658185/

URLhaus

https://urlhaus.abuse.ch/url/658168/

URLhaus

https://urlhaus.abuse.ch/url/658202/

URLhaus

https://urlhaus.abuse.ch/url/658167/

URLhaus

https://urlhaus.abuse.ch/url/658161/

URLhaus

https://urlhaus.abuse.ch/url/658175/

URLhaus

https://urlhaus.abuse.ch/url/658191/

URLhaus

https://urlhaus.abuse.ch/url/658174/

URLhaus

https://urlhaus.abuse.ch/url/658154/

URLhaus

https://urlhaus.abuse.ch/url/658195/

URLhaus

https://urlhaus.abuse.ch/url/658160/

URLhaus

https://urlhaus.abuse.ch/url/658217/

URLhaus

https://urlhaus.abuse.ch/url/658153/

URLhaus

https://urlhaus.abuse.ch/url/658178/

URLhaus

https://urlhaus.abuse.ch/url/658182/

URLhaus

https://urlhaus.abuse.ch/url/658221/

URLhaus

https://urlhaus.abuse.ch/url/658219/

URLhaus

https://urlhaus.abuse.ch/url/658206/

URLhaus

https://urlhaus.abuse.ch/url/658204/

URLhaus

https://urlhaus.abuse.ch/url/658189/

URLhaus

https://urlhaus.abuse.ch/url/658199/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample