MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44
SHA3-384 hash: 84305abdd1240795bd2c91ec08f7a4d78d15104411a258369149e6202dcfb635f3d1fb702a735dcdf59e18109c00c3d4
SHA1 hash: 0c9a84e873e62b730f9ff9ed8a70144ced866430
MD5 hash: dc77ee72271070602a8768c63775c16a
humanhash: fruit-lemon-echo-nevada
File name:bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44
Download: download sample
Signature Dridex
Create hunting rule
File size:2'404'352 bytes
First seen:2021-09-21 08:29:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6668be91e2c948b183827f040944057f (1'006 x Dridex)
ssdeep 12288:iVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:/fP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Threatray 814 similar samples on MalwareBazaar
TLSH T1FDB5D010EE69E1E6C6B89F3ED408352727F93D75110D608CC392604F9EF86546E3E9AE
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44
Verdict:
No threats detected
Analysis date:
2021-09-21 08:42:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d02aa4e4-8824-4783-ada4-f974f06c00a0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/189740/
Detection(s):
Win.Packed.Razy-9769561-0
Create hunting rule

Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5c67d97d-818b-4ee6-b2da-1ed42fefd277
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/854855
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Benign windows process drops PE files
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Uses Atom Bombing / ProGate to inject into other processes
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 487289 Sample: F4Tbzys4KE Startdate: 21/09/2021 Architecture: WINDOWS Score: 100 41 Antivirus detection for dropped file 2->41 43 Antivirus / Scanner detection for submitted sample 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 3 other signatures 2->47 8 loaddll64.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        13 rundll32.exe 8->13         started        15 cmd.exe 1 8->15         started        17 16 other processes 8->17 signatures5 51 Changes memory attributes in foreign processes to executable or writable 10->51 53 Uses Atom Bombing / ProGate to inject into other processes 10->53 55 Queues an APC in another process (thread injection) 10->55 19 explorer.exe 2 79 10->19 injected 23 rundll32.exe 15->23         started        process6 file7 33 C:\Users\user\AppData\Local\...\DUI70.dll, PE32+ 19->33 dropped 35 C:\Users\user\AppData\Local\...\DUser.dll, PE32+ 19->35 dropped 37 C:\Users\user\AppData\Local\...\XmlLite.dll, PE32+ 19->37 dropped 39 29 other files (7 malicious) 19->39 dropped 49 Benign windows process drops PE files 19->49 25 cttune.exe 19->25         started        27 cttune.exe 19->27         started        29 PresentationHost.exe 19->29         started        31 PresentationHost.exe 19->31         started        signatures8 process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44/
Threat name:
Win64.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-09-11 23:26:28 UTC
AV detection:
34 of 45 (75.56%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
065fbc9fe1ed977bd77641b7426af207f3e6ad1cc47ee26ee0cd5e66b21ce22c
Dridex
0af3d57056580eb2ce6503c353bb007ddab908d40968e5a33086a770431b6ed7
Dridex
1b1d6fb4287b81972665663c2db8962d2a38c35fab55e3a0d67ec7e19add14e2
Dridex
411e4618c1a5a3d3c3f2a5fea9c428f735a667694d848809a07d68557cd4797a
Dridex
429ad522901cf382e8dadb952a8663f535f5f42086654dd81da3e6ded31927d3
Dridex
7107fe58f7979317d48cf634b71faac0deeaa95795f46c36240a15745730cf75
Dridex
72579404bd98010c160bea743f501c908d1a99fed2a1bd79017e3f27ddc36b35
Dridex
8721e8fa4282c06fd75878a797d74020649edf642a48b2d367cdc96bb850ced3
Dridex
a6bedfed84b15eb841a7c6026d2d4771c9b4c022d4ae8e4304cae987eb3a0d5d
Dridex
bd8eda34944bdde088f555da5f844f37e305a22a4c1a9f58ecbd7c78b4f85207
Dridex
+ 804 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/210921-kd7easghb7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Drops startup file
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex
Unpacked files
SH256 hash:
bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44
MD5 hash:
dc77ee72271070602a8768c63775c16a
SHA1 hash:
0c9a84e873e62b730f9ff9ed8a70144ced866430
Link:
https://www.unpac.me/results/520cb665-231f-4797-9b7f-8e3c8a4cd542/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bcdf06a643e9d5ed116bc0090538aa5302b9a775f25c2ed0c625cee475ee8c44

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/189740/

Comments