MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4ac66cd26e9c6880438022aba95a5cfe87fe47ecc326c2f1d508a036476ad60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Dridex
Vendor detections: 11



SHA256 hash: c4ac66cd26e9c6880438022aba95a5cfe87fe47ecc326c2f1d508a036476ad60
SHA3-384 hash: 04d9309ab570b04520619a4a434256930f805a627613424378523b132b36dbf4bd504575fd5df92ff43534d801837424
SHA1 hash: 7a9171f245c76f06cba356377a562f470b69d662
MD5 hash: dc1098c3583efae371d0d870db9e1f07
humanhash: fanta-fruit-pizza-bulldog
File name: dc1098c3583efae371d0d870db9e1f07.dll
Signature: Dridex
File size: 524'288 bytes
First seen: 2021-12-20 15:26:47 UTC
Last seen: 2021-12-21 13:59:58 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 5ad3b93adc2f9b7a31e634988c069f77 (85 x Dridex)
ssdeep: 12288:z2cK4kV9W/k7MNKABzMyLi8E6+DnOM2Swyupn:ekMs9
Threatray: 5'637 similar samples on MalwareBazaar
TLSH: T1F0B4AF92960F6767E43C32B3E8E36436AB434F280DD4BDE5BA00764B733D498649D686
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
Number of uploads: 3
Number of downloads: 135
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour: Searching for the window; Sending a custom TCP request; DNS request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature:
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph (ID 542844; sample hsbzs9nEo6.dll; start date 20/12/2021; architecture WINDOWS; score 80):
Network: 89.31.56.58 (UNITHOST-ASNL, Netherlands); 51.159.52.196 (OnlineSASFR, France); 2 other IPs or domains
Sample signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Dridex unpacked file; 3 other signatures
Process tree: loaddll32.exe (Tries to delay execution (extensive OutputDebugStringW loop)) -> cmd.exe -> rundll32.exe -> WerFault.exe; loaddll32.exe -> rundll32.exe -> WerFault.exe

Threat name: Win32.Trojan.KryptikAGen
Status: Malicious
First seen: 2021-12-20 14:52:49 UTC
File Type: PE (Dll)
AV detection: 26 of 28 (92.86%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet:22203 botnet loader
Behaviour: Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory; Program crash; Dridex Loader; Dridex
Malware Config
C2 Extraction:
51.159.52.196:443
134.209.247.135:6602
194.233.68.48:5228
89.31.56.58:593
Unpacked files
SHA256 hash: e68aad392b03368aebeb92d4110610c525d2172356c76015f5adc6fd7d600cc5
MD5 hash: ee8f4dfd22436667a28fb35f1ec96e77
SHA1 hash: 6156d2626f83be80955b4a7dd73352b2bf50fb29
Detections: win_doppeldridex_auto

SHA256 hash: d498467052b610da6fc8d59e245a1b29306dd79cb47b52991082755dfec5bf15
MD5 hash: ffeed13e5516f419ee3985a35b282462
SHA1 hash: fc85566576f4edac7b42e6da5eb7fb11a4bca09a
Detections: win_dridex_auto
Parent samples :
SHA256 hash: c4ac66cd26e9c6880438022aba95a5cfe87fe47ecc326c2f1d508a036476ad60
MD5 hash: dc1098c3583efae371d0d870db9e1f07
SHA1 hash: 7a9171f245c76f06cba356377a562f470b69d662
Malware family:
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: Dridex
File: DLL (dll) c4ac66cd26e9c6880438022aba95a5cfe87fe47ecc326c2f1d508a036476ad60 (this sample)

Comments