MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d
SHA3-384 hash: 494760d55439d7ad76ee3b2bce3201d8548c6221f4c0528107a64595eb7614094e44d9147af1c5268ac803939d08a93e
SHA1 hash: 8c6a82794b4c794fccce7a8c177551d4032945ff
MD5 hash: b7304a0ce5f2732a115d1cc850eab13c
humanhash: four-solar-kilo-six
File name:kg2v1lpdf
Download: download sample
Signature Dridex
Create hunting rule
File size:221'184 bytes
First seen:2020-11-24 08:55:37 UTC
Last seen:2020-11-24 18:19:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5da19dcc64b843868370fc6bfebaf47e (3 x Dridex)
ssdeep 3072:PUKnIavARia3SsHlptUEb1Z+MfYwbKLIMr2b7XFTfnyrvsherh:PrnvvARmsH1Zxfzmv2vFTarL
Threatray 15 similar samples on MalwareBazaar
TLSH 5224021687C433BAD678B737B55A8C3183B0B64885BDCF1FAB6C84819925347EA1762C
Reporter JAMESWT_WT
Tags:Dridex

Intelligence

File Origin
# of uploads :
9
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex Dropper
Create hunting rule
Detection:
malicious
Classification:
bank.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/545818
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Dridex dropper found
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-11-24 06:19:34 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
014f37edfd2c8c498009a71d529838477459cb643ebdb35bf176a41ad7681035
Dridex
17c66a318f48ef5531387fcae08b532e68e7553a8068ae2e37054d5da704645b
Dridex
4b1f2c18b149fd0e878c362ffba50bb553d7bea93a795b33e398d032dc0b7663
Dridex
69ee26ba2019f4cc30752f00a815a726795c8e898edffe739daa6e84e6c41ac2
Dridex
93c97bf3711640d5bd8ff0c2033492b2cea7b81ef2ea0e6f6b2327913e9be9d7
Dridex
9c749e76dc4c135b3e3f87eac42b6aae70a8efec197f9d311917a665697c1bbd
Dridex
b4f32ff1f6a1a6db2497781d64c19868972dbc35be7ff881b63771c96a87a054
Dridex
b65a639e435aa80ece4326d85052f980a9992788d4b9b7fb94141d7e82ddc960
Dridex
d6ddd24040b1f1ae7f42c84ee15f52efa36054e7ed4bb47d177d6b5108c9e5f6
Dridex
ec5c427c6ebf8bd614eea2346509bad3b37f0a090bd2217a1a11835dd9df2562
Dridex
+ 5 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201124-3fradehgwe/
Behaviour
Dridex Loader
Dridex
Malware Config
C2 Extraction:
175.126.167.148:443
173.249.20.233:8043
162.241.204.233:4443
138.122.143.40:8043
Unpacked files
SH256 hash:
bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d
MD5 hash:
b7304a0ce5f2732a115d1cc850eab13c
SHA1 hash:
8c6a82794b4c794fccce7a8c177551d4032945ff
Link:
https://www.unpac.me/results/cb54611d-92c4-4c2b-8637-224d63111ea0/
SH256 hash:
2ed0010a999d077445bf90561755f90d5968e5814b42d80b1545cc15f6217bb5
MD5 hash:
09622943031f2affbf9bc67bad994786
SHA1 hash:
357f9db6ac8f007321d88f7064e3c7c5b328149f
Link:
https://www.unpac.me/results/cb54611d-92c4-4c2b-8637-224d63111ea0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dridex
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

Executable exe bf1e36ac51a1a92eb6b5f4c68b67dfccc0692841d73045136cb9d7bc53bcf46d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/846718/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/846701/
  
URLhaus
https://urlhaus.abuse.ch/url/846662/
  
URLhaus
https://urlhaus.abuse.ch/url/846861/
  
URLhaus
https://urlhaus.abuse.ch/url/846703/
  
URLhaus
https://urlhaus.abuse.ch/url/846658/
  
URLhaus
https://urlhaus.abuse.ch/url/846673/
  
URLhaus
https://urlhaus.abuse.ch/url/846708/
  
URLhaus
https://urlhaus.abuse.ch/url/846666/
  
URLhaus
https://urlhaus.abuse.ch/url/846664/
  
URLhaus
https://urlhaus.abuse.ch/url/846716/
  
URLhaus
https://urlhaus.abuse.ch/url/846700/
  
URLhaus
https://urlhaus.abuse.ch/url/846706/
  
URLhaus
https://urlhaus.abuse.ch/url/846696/
  
URLhaus
https://urlhaus.abuse.ch/url/846675/
  
URLhaus
https://urlhaus.abuse.ch/url/846709/
  
URLhaus
https://urlhaus.abuse.ch/url/846671/
  
URLhaus
https://urlhaus.abuse.ch/url/846659/
  
URLhaus
https://urlhaus.abuse.ch/url/846903/
  
URLhaus
https://urlhaus.abuse.ch/url/848667/
  
URLhaus
https://urlhaus.abuse.ch/url/846717/
  
URLhaus
https://urlhaus.abuse.ch/url/848989/
  
URLhaus
https://urlhaus.abuse.ch/url/848991/
  
URLhaus
https://urlhaus.abuse.ch/url/849204/
  
URLhaus
https://urlhaus.abuse.ch/url/849269/
  
URLhaus
https://urlhaus.abuse.ch/url/846661/
  
URLhaus
https://urlhaus.abuse.ch/url/850275/
  
URLhaus
https://urlhaus.abuse.ch/url/850277/
  
URLhaus
https://urlhaus.abuse.ch/url/850279/
  
URLhaus
https://urlhaus.abuse.ch/url/850280/
  
URLhaus
https://urlhaus.abuse.ch/url/850281/
  
URLhaus
https://urlhaus.abuse.ch/url/850282/
  
URLhaus
https://urlhaus.abuse.ch/url/850283/
  
URLhaus
https://urlhaus.abuse.ch/url/850285/
  
URLhaus
https://urlhaus.abuse.ch/url/850286/
  
URLhaus
https://urlhaus.abuse.ch/url/850289/
  
URLhaus
https://urlhaus.abuse.ch/url/850290/
  
URLhaus
https://urlhaus.abuse.ch/url/850308/
  
URLhaus
https://urlhaus.abuse.ch/url/850307/
  
URLhaus
https://urlhaus.abuse.ch/url/850310/
  
URLhaus
https://urlhaus.abuse.ch/url/850311/
  
URLhaus
https://urlhaus.abuse.ch/url/850312/
  
URLhaus
https://urlhaus.abuse.ch/url/850316/
  
URLhaus
https://urlhaus.abuse.ch/url/850319/
  
URLhaus
https://urlhaus.abuse.ch/url/850322/
  
URLhaus
https://urlhaus.abuse.ch/url/850323/
  
URLhaus
https://urlhaus.abuse.ch/url/850324/
  
URLhaus
https://urlhaus.abuse.ch/url/850326/
  
URLhaus
https://urlhaus.abuse.ch/url/850330/
  
URLhaus
https://urlhaus.abuse.ch/url/850329/
  
URLhaus
https://urlhaus.abuse.ch/url/850331/
  
URLhaus
https://urlhaus.abuse.ch/url/850332/
  
URLhaus
https://urlhaus.abuse.ch/url/850341/
  
URLhaus
https://urlhaus.abuse.ch/url/850343/
  
URLhaus
https://urlhaus.abuse.ch/url/850350/
  
URLhaus
https://urlhaus.abuse.ch/url/850352/
  
URLhaus
https://urlhaus.abuse.ch/url/850357/
  
URLhaus
https://urlhaus.abuse.ch/url/850360/
  
URLhaus
https://urlhaus.abuse.ch/url/850361/
  
URLhaus
https://urlhaus.abuse.ch/url/850363/
  
URLhaus
https://urlhaus.abuse.ch/url/850364/
  
URLhaus
https://urlhaus.abuse.ch/url/850365/
  
URLhaus
https://urlhaus.abuse.ch/url/850366/
  
URLhaus
https://urlhaus.abuse.ch/url/850367/
  
URLhaus
https://urlhaus.abuse.ch/url/850368/
  
URLhaus
https://urlhaus.abuse.ch/url/850369/
  
URLhaus
https://urlhaus.abuse.ch/url/850370/
  
URLhaus
https://urlhaus.abuse.ch/url/850371/
  
URLhaus
https://urlhaus.abuse.ch/url/850372/
  
URLhaus
https://urlhaus.abuse.ch/url/850373/
  
URLhaus
https://urlhaus.abuse.ch/url/850374/
  
URLhaus
https://urlhaus.abuse.ch/url/850378/
  
URLhaus
https://urlhaus.abuse.ch/url/850379/
  
URLhaus
https://urlhaus.abuse.ch/url/850375/
  
URLhaus
https://urlhaus.abuse.ch/url/850377/
  
URLhaus
https://urlhaus.abuse.ch/url/850380/
  
URLhaus
https://urlhaus.abuse.ch/url/850382/
  
URLhaus
https://urlhaus.abuse.ch/url/850383/
  
URLhaus
https://urlhaus.abuse.ch/url/850384/
  
URLhaus
https://urlhaus.abuse.ch/url/850385/
  
URLhaus
https://urlhaus.abuse.ch/url/850386/
  
URLhaus
https://urlhaus.abuse.ch/url/850387/
  
URLhaus
https://urlhaus.abuse.ch/url/850389/
  
URLhaus
https://urlhaus.abuse.ch/url/850390/
  
URLhaus
https://urlhaus.abuse.ch/url/850462/
  
URLhaus
https://urlhaus.abuse.ch/url/850463/
  
URLhaus
https://urlhaus.abuse.ch/url/850464/
  
URLhaus
https://urlhaus.abuse.ch/url/850465/
  
URLhaus
https://urlhaus.abuse.ch/url/850466/
  
URLhaus
https://urlhaus.abuse.ch/url/850467/
  
URLhaus
https://urlhaus.abuse.ch/url/850468/
  
URLhaus
https://urlhaus.abuse.ch/url/850469/
  
URLhaus
https://urlhaus.abuse.ch/url/850470/
  
URLhaus
https://urlhaus.abuse.ch/url/850472/
  
URLhaus
https://urlhaus.abuse.ch/url/850474/
  
URLhaus
https://urlhaus.abuse.ch/url/850476/
  
URLhaus
https://urlhaus.abuse.ch/url/850478/
  
URLhaus
https://urlhaus.abuse.ch/url/850479/
  
URLhaus
https://urlhaus.abuse.ch/url/850569/
  
URLhaus
https://urlhaus.abuse.ch/url/850572/
  
URLhaus
https://urlhaus.abuse.ch/url/850570/
  
URLhaus
https://urlhaus.abuse.ch/url/850573/
  
URLhaus
https://urlhaus.abuse.ch/url/850575/
  
URLhaus
https://urlhaus.abuse.ch/url/850577/
  
URLhaus
https://urlhaus.abuse.ch/url/850578/

Comments