MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
SHA3-384 hash: 8b0ad8cfba91799233c34958b626ca1a1b27a5eb2bb5dc6dc2912966bb9faefa50241233ec108553c91895149119dfed
SHA1 hash: b1b3a370406a419b85d3ca540483be2dae1d6490
MD5 hash: 69b2c38fc33d58969a8e09767c6246f3
humanhash: emma-football-georgia-august
File name:quartz.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:180'224 bytes
First seen:2020-11-23 20:30:33 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 8f7c39782ffaf8e08572ba82aca8e30d (4 x Dridex)
ssdeep 3072:vjRHiK71Y6WhbpyV9oS9VWIStOENxjSmshHGedNi6aQaP4+IQH+:liggmDStOIVu0EtQ
Threatray 124 similar samples on MalwareBazaar
TLSH 0A04AF8263EC6538F1B7ABB6F936A501592F3CD56E39C6BD8710014FC9706299CA4B33
Reporter James_inthe_box
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/545514
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 321850 Sample: quartz.dll Startdate: 23/11/2020 Architecture: WINDOWS Score: 52 12 Multi AV Scanner detection for submitted file 2->12 14 Machine Learning detection for sample 2->14 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        10 WerFault.exe 3 9 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-23 20:30:30 UTC
File Type:
PE (Dll)
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1f8dc085e250847f7a31d7785710be49b17eed1e1c6e460478e2e5232bda689a
Dridex
3ab48ca45cd8a40aa0100279752afd3e89003bb85bf420c8b1be62e019f4c9eb
Dridex
714400a7bc623325caa68ab943724d9b7d1e623fc8cf7546165aef0a19e46044
Dridex
7a91d43923b23b640842519263ff8dc2eb0f411f2f1688727db5c7dfacbab7be
Dridex
88ce1108f181b31c988378dc9606d15a1582b315bc785bb61ba5283a56182379
Dridex
92794ce2b86f5636b0636952f7ac4b02f0fd664b5f479372d64aa779d376a7a2
Dridex
95207a682e024efd1ea2364fd3c19484d70600ee931fb7c1a88d210cebbe8cc6
Dridex
cd4ccf6b266b11aa29327444754c4c42f175725c4c03e21cf5dae151a4c4aa41
Dridex
dd39accfa55be48b2c14f264a5917ead4964b8a7ce7f3f113cc74d13f87e86e7
Dridex
ea9efe328c387d0e2db9403cf89c5176f9982cf24b70cd8e83c25045c954a87b
Dridex
+ 114 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201123-e8y7wzg2vn/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
175.126.167.148:443
173.249.20.233:8043
162.241.204.233:4443
138.122.143.40:8043
Unpacked files
SH256 hash:
b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
MD5 hash:
69b2c38fc33d58969a8e09767c6246f3
SHA1 hash:
b1b3a370406a419b85d3ca540483be2dae1d6490
Link:
https://www.unpac.me/results/9a1b452d-228f-4523-a12e-ea1406f27f2c/
SH256 hash:
0fd861f61320ee2c445e64cf097cb9cf741759724a49abc006345bf2263130d9
MD5 hash:
e1e3a9389b19c6ef857b9f652135bebb
SHA1 hash:
eee0739c7399a50197a61100f16284d72bb79f97
Link:
https://www.unpac.me/results/9a1b452d-228f-4523-a12e-ea1406f27f2c/
SH256 hash:
9340c44c767cdd6249eadeb27769d2c9249983ba7f6d50f25712812b175249cc
MD5 hash:
70aebee469f5b1ce9e3d6d74f580ee2c
SHA1 hash:
a3144f150f89b0881d408bd3007f51ce19939c94
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/9a1b452d-228f-4523-a12e-ea1406f27f2c/
Parent samples :
95207a682e024efd1ea2364fd3c19484d70600ee931fb7c1a88d210cebbe8cc6
b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
1c0a62a8d16705a2e1a38e0a4b310dbf40ce71e1a2a4c554e35a15ebfc28cb0f
f1f67040aaaaabf6754310829696ba9fd783991ab89e476dfa8c8e698841ce34
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments