MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b784949f5befe52ef03eb0a47fb0b7d88a44545a4c23e7d8630c9a19f012d9af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b784949f5befe52ef03eb0a47fb0b7d88a44545a4c23e7d8630c9a19f012d9af
SHA3-384 hash:	0f8da29445e2299ba2f947374cbce0462b94ff3f51bd223457dae583b3c4a02db8b3fcd89d4869118b4e9d24a8079dcf
SHA1 hash:	649d935a336dc60b18e0b3a9e6ccfebdf5c9e75a
MD5 hash:	74c3351573188d7f01acf9f439f1be22
humanhash:	five-lion-mockingbird-leopard
File name:	b784949f5befe52ef03eb0a47fb0b7d88a44545a4c23e7d8630c9a19f012d9af
Download:	download sample
Signature	Dridex Create hunting rule
File size:	315'381 bytes
First seen:	2020-11-05 22:34:32 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
ssdeep	6144:S3s9vfpA09TUZiYWpcl8Yte2YMnnWZI8VQ3SSOED1nUmhMwHpId7k:Sc9vDhUZiYWpcl80YMnv3YERntMwHpqk
TLSH	73646B06FAC40EB7C9CB2176C46911778377EE9507A5FA0357B9B948DAB13E53B30A02
Reporter	seifreed
Tags:	Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/85620/

Detection(s):

SecuriteInfo.com.Trojan.Dridex.735.11434.31330.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b784949f5befe52ef03eb0a47fb0b7d88a44545a4c23e7d8630c9a19f012d9af/

Threat name:

Win32.Trojan.Ymacco

Status:

Malicious

First seen:

2020-11-01 14:03:00 UTC

AV detection:

17 of 29 (58.62%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=w6cjjh2357ss54b6wcsh7mfx3cfeivc2jqr6pwddbsnbt4as3gxq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201106-j91ceybxbe/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

b784949f5befe52ef03eb0a47fb0b7d88a44545a4c23e7d8630c9a19f012d9af

MD5 hash:

74c3351573188d7f01acf9f439f1be22

SHA1 hash:

649d935a336dc60b18e0b3a9e6ccfebdf5c9e75a

Link:

https://www.unpac.me/results/6c197fa6-1a06-40ba-a7d7-94869e3c9577/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/658191/

Cape

https://www.capesandbox.com/analysis/85620/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample