MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc56d225de1b1a36276e142db048915c6f12088b7dc5d9ae27af8ee3002d3ee6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: bc56d225de1b1a36276e142db048915c6f12088b7dc5d9ae27af8ee3002d3ee6
SHA3-384 hash: e08c367e5c140aba6bc75866b9fea8201df9fa6f9c14a886cc9a36cef3c4c8584ae30c09d43d3da9bec6acf75fa8843e
SHA1 hash: 45aafb17ade13387fcf864fa2acd9c164b24a480
MD5 hash: 7d7e248d3f2598222ef3e4b20bc8c3cf
humanhash: white-finch-delaware-bacon
File name: 7d7e248d3f2598222ef3e4b20bc8c3cf.dll
Signature: Dridex
File size: 131'072 bytes
First seen: 2020-11-28 11:13:35 UTC
Last seen: 2020-11-28 12:45:05 UTC
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 3072:7+5HnBKs8JrdfDomd2rHO/Tr81rDfl8bFdgIMKF:7+dBKd3douH2O
TLSH: BAD3E1563CF93C10CA964D3255A75818D2FF072682BB7A2C5163EBE4CE80AAD3C6D774
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 258
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: [ID: 324148; Sample: bWyhDh8vJ3.dll; Startdate: 28/11/2020; Architecture: WINDOWS; Score: 52; signatures: Multi AV Scanner detection for submitted file, Machine Learning detection for sample; processes shown: loaddll32.exe, WerFault.exe]
Threat name: Win32.Trojan.Graftor
Status: Malicious
First seen: 2020-11-28 11:14:07 UTC
AV detection: 8 of 29 (27.59%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: bc56d225de1b1a36276e142db048915c6f12088b7dc5d9ae27af8ee3002d3ee6
MD5 hash: 7d7e248d3f2598222ef3e4b20bc8c3cf
SHA1 hash: 45aafb17ade13387fcf864fa2acd9c164b24a480
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll bc56d225de1b1a36276e142db048915c6f12088b7dc5d9ae27af8ee3002d3ee6 (this sample)

Delivery method: Distributed via web download

Comments