MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8aa07bbbf65642082b2f05d964c1c74bf1f75c358ff63ef1d850f7fd0b731fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	c8aa07bbbf65642082b2f05d964c1c74bf1f75c358ff63ef1d850f7fd0b731fc
SHA3-384 hash:	a87b474d5f8cecdd11bf17bf68496b902be990108e602fb3979fa1204727211cbaa646fcfc0955b8155ae5943514d9b4
SHA1 hash:	e4ea883928b9249db15a01bcec499f1af57270e7
MD5 hash:	4bd6e3db0ad09ef4f119a2f86dc4f4ce
humanhash:	equal-dakota-eleven-fanta
File name:	SecuriteInfo.com.Gen.NN.ZexaF.34104.mu0@aiBQ1jai.14314
Download:	download sample
Signature	Dridex Create hunting rule
File size:	200'704 bytes
First seen:	2020-03-25 18:40:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	7f8c473a46739ae115500b5e59edc636 (1 x Dridex)
ssdeep	6144:dOJmNGAVqEeTSd1nbPozze7gzCCKCOMOEs6:dOINGKqNSvbPF7g+zMZ
Threatray	348 similar samples on MalwareBazaar
TLSH	6A1412F9AF00557EE4EF66700DBBA2479950348586E9830C8FC52E9BCC336B065727E6
Reporter	SecuriteInfoCom
Tags:	Dridex

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Generic.mg.8451f296eb612c20.17332.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zenpak

Status:

Malicious

First seen:

2020-03-25 15:17:13 UTC

AV detection:

27 of 31 (87.10%)

Threat level:

2/5

Verdict:

suspicious

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

exe c8aa07bbbf65642082b2f05d964c1c74bf1f75c358ff63ef1d850f7fd0b731fc

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/329927/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN_SVC_API	Can Manipulate Windows Services	ADVAPI32.dll::ChangeServiceConfig2A

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample