MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a
SHA3-384 hash: 4fa9886fead229b9302df0e1151c776e524d4479d346b904660333f30fd40e8dd7b94f26de0789b5bc08e221af944a4d
SHA1 hash: 52368dd1358a3c865c2a64c2b51eef786d0ad15c
MD5 hash: 05f964749a55e118dd6fee180d8d0398
humanhash: steak-vermont-finch-lamp
File name:05f964749a55e118dd6fee180d8d0398.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:327'680 bytes
First seen:2020-09-25 09:08:29 UTC
Last seen:2020-09-25 09:57:45 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 1f572cb1af59b97cfd387615c70e66ad (1 x Dridex)
ssdeep 6144:+hT2Mw9oF8K9lYznaQzSyBrh4v3Amu60tm8Qsw/x3XhhMasm/JMi2Fe4:3MyLK9lqIwh4Qmults/VhhMaX2Fd
Threatray 53 similar samples on MalwareBazaar
TLSH F864D0EEBAEE8664F9F7BFF919358000061FBCD0A579E10D63488D48896361149B2FE5
Reporter abuse_ch
Tags:dll Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
166
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.22933.22460.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/474897
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-09-23 10:26:14 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zjm63qhxehzu7iyxqfunzqjysr7rg4grm4vjmu7ef3wagj7s5rva._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
0f63e8fa69f0d37bfe7ae6c545e19972c9f1432b804dc1d051bfc1ceed49afa4
Dridex
2c57cdeb1938688244dcaf05544e47daef28a6cec2866a674df9b6a4ed45237a
Dridex
2d7c7b9472f1f4bb2f678822f16e8575971574ba763bd9e98fdb7d8b2a8f5d2e
Dridex
5b4337f9ae1d91113c91abd0da39794d8aa216b149562440de541ca99618840d
Dridex
5d2e121c650aea3012ab7891236953dd3b09672788a7be2e4a74716c59e94d98
Dridex
662c21ee2aab3a65de038e9d1d3765093c2dddb0eb4a6ed73799b074f74bb8b9
Dridex
8ae193225bd1a7192315a7003aa4aa9565c573b6078f48cc9e290c9b0798235e
Dridex
9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd
Dridex
bdf8709d58ab512229a343fba8788770076afd816dc2e9a9abcb803d72bf84b4
Dridex
fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
Dridex
+ 43 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
botnet loader family:dridex
Link:
https://tria.ge/reports/200925-kfw51cw1hn/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
51.75.24.85:443
46.22.116.163:3074
173.249.46.113:3889
192.241.174.45:4443
Unpacked files
SH256 hash:
ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a
MD5 hash:
05f964749a55e118dd6fee180d8d0398
SHA1 hash:
52368dd1358a3c865c2a64c2b51eef786d0ad15c
Link:
https://www.unpac.me/results/4d9a1b9f-a79c-4277-a98e-ae351a36416d/
SH256 hash:
f3dd5f01d39678f259930d143032368547dfd11d715ac78eae5d75a056d4c4c3
MD5 hash:
37e80d22aa81f3b55f553764c55b8b27
SHA1 hash:
00dbf92c3e12f0ef04b45f4679ddc3cb2874a84a
Link:
https://www.unpac.me/results/4d9a1b9f-a79c-4277-a98e-ae351a36416d/
SH256 hash:
16a531e837ddbcfdea725ff4acef07b2d814ce840b440be8c5739876ae076b3c
MD5 hash:
0ea347c83e11647e055dbf6f12f35b3f
SHA1 hash:
e600b3d9a53e0abf8d7691f6a7cccad735de5a54
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/4d9a1b9f-a79c-4277-a98e-ae351a36416d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/65744/
  
URLhaus
https://urlhaus.abuse.ch/url/585776/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/585783/

Comments