MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7f410926c4fe17c41e37d581b9d6908582eb821075ba7d4a20f58161ef154a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 9

Intelligence 9 IOCs YARA 2 File information Comments

SHA256 hash:	c7f410926c4fe17c41e37d581b9d6908582eb821075ba7d4a20f58161ef154a7
SHA3-384 hash:	1c115693808e82c4907eab42f6cf8a2786da1490d1f14d74bb7c46a31416336960251530b5148c8be1556335ea1320b8
SHA1 hash:	3465929617850b18d612f407e280af28cca72286
MD5 hash:	abf64911eb9dd3ca980ca660712567bd
humanhash:	avocado-hydrogen-saturn-zulu
File name:	q8w20z.zip
Download:	download sample
Signature	Dridex Create hunting rule
File size:	589'824 bytes
First seen:	2021-02-07 23:24:01 UTC
Last seen:	2021-02-08 00:49:47 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	51b27f4568531763800428bfda4cfb55 (2 x Dridex)
ssdeep	12288:jAEJhkFK62GbYs054M795+voCUxusp39b6nf/DhMsNNUcTAnT:jdJS2GN0aY5goao9b6nt9NHsnT
Threatray	428 similar samples on MalwareBazaar
TLSH	0AC4E0B8B94094A9CC81003CF828FA58D49D7CE78F10E153B2FF3E5F777A9918555A2A
Reporter	opexxx
Tags:	Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

135

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/115994/

Detection(s):

SecuriteInfo.com.Trojan.Dridex.735.2646.18488.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/601380

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7f410926c4fe17c41e37d581b9d6908582eb821075ba7d4a20f58161ef154a7/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2021-02-02 04:44:14 UTC

AV detection:

23 of 29 (79.31%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=y72bbetmj7qxyqpdpvmbxhljbbmc5obba5n2pvfcb5mbmhxrkstq._file

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet:10444 botnet discovery evasion loader trojan

Link:

https://tria.ge/reports/210207-dgfwepmpha/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blocklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

77.220.64.131:443
5.196.204.251:5037
192.99.41.136:981
24.229.3.146:4664

Unpacked files

SH256 hash:

11bad76a38c4137acc08ea526363f31886f7034fcdf0320ab73527d9d0332f2a

MD5 hash:

4076b947f2832fe18ba02ded03c1d432

SHA1 hash:

3a1b9c190d6cd543e22ebaef8323d1a14f0b9374

Link:

https://www.unpac.me/results/d431881b-b69c-4765-9983-fbfcdf064f51/

SH256 hash:

c7f410926c4fe17c41e37d581b9d6908582eb821075ba7d4a20f58161ef154a7

MD5 hash:

abf64911eb9dd3ca980ca660712567bd

SHA1 hash:

3465929617850b18d612f407e280af28cca72286

Link:

https://www.unpac.me/results/d431881b-b69c-4765-9983-fbfcdf064f51/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c7f410926c4fe17c41e37d581b9d6908582eb821075ba7d4a20f58161ef154a7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.