MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b2a09b4f89680c9980ecbfcc4fdd0256f1d615e46660d1529ad95c6efe77b31a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Dridex
Vendor detections: 6
| SHA256 hash: | b2a09b4f89680c9980ecbfcc4fdd0256f1d615e46660d1529ad95c6efe77b31a |
|---|---|
| SHA3-384 hash: | cd24e799b8ca4b00e097a841a68dece5106ef9662f23825e2fc09253efd679e66a03e73fc78eddaf6b3bc98da9462d77 |
| SHA1 hash: | d31ae561bb16df2126729f6b17e27141482e9301 |
| MD5 hash: | ffbfe45cca6c7e0bf09add16640323ab |
| humanhash: | potato-tango-georgia-fruit |
| File name: | ffbfe45cca6c7e0bf09add16640323ab.dll |
| Download: | download sample |
| Signature | Dridex |
| File size: | 397'824 bytes |
| First seen: | 2020-10-22 08:40:47 UTC |
| Last seen: | 2020-10-22 10:17:08 UTC |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | 1e765f1d5302b9c12f7792f1f6be3c79 (2 x Dridex) |
| ssdeep | 6144:fQD28bm2WJHEII+buAqQxZt4995XkN6y1Ya5P/lbZ:9RJku/L05dyVX1 |
| TLSH | E6849D2026B7F99EFA7422B1BAD32DE9F19C472C396C3C17D9634949494A23719D230F |
| Reporter |  abuse_ch |
| Tags: | dll Dridex |
Intelligence
File Origin
# of uploads :
2
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Connection attempt
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.GenUMlwr
Status:
Malicious
First seen:
2020-10-22 01:20:06 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
5/5
Detection(s):
Malicious file
Result
Malware family:
dridex
Score:
10/10
Tags:
botnet loader evasion trojan discovery family:dridex
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
79.137.29.86:443
87.106.191.77:3889
44.48.26.99:4664
178.254.22.25:33443
87.106.191.77:3889
44.48.26.99:4664
178.254.22.25:33443
Unpacked files
SH256 hash:
d5836dd1fe798110d9526f19d73a10be52d5ee2f114966f12cbe6cf5cf7c302c
MD5 hash:
bb0770c71c19e4f35d95e65e46553618
SHA1 hash:
f95d7f51e4d8e443b9a7e9cd4858c876bd244282
SH256 hash:
b2a09b4f89680c9980ecbfcc4fdd0256f1d615e46660d1529ad95c6efe77b31a
MD5 hash:
ffbfe45cca6c7e0bf09add16640323ab
SHA1 hash:
d31ae561bb16df2126729f6b17e27141482e9301
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.