MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083
SHA3-384 hash:	c251df4627d812246451bd005abe529c72d43e7612292acd28ade1efd681bc3c6f838d8397319bd4bf80914a499eca28
SHA1 hash:	b76ab6888bb05f82e6aa3d217678db1a96b46197
MD5 hash:	e3b8259615d2b1ecb4140b4779938cdb
humanhash:	bravo-stream-butter-king
File name:	e3b8259615d2b1ecb4140b4779938cdb.dll
Download:	download sample
Signature	Dridex Create hunting rule
File size:	21'412 bytes
First seen:	2021-02-10 12:30:11 UTC
Last seen:	2021-02-10 14:32:50 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	384:1OTQ7+7pwoYLmG4OUtS8OOr2WN4pw/QF8FF8UHXN77su:go+GB4tDKm97Au
Threatray	4 similar samples on MalwareBazaar
TLSH	90A21939B525C51AC090ECB9CF6AC97AE3783D7A4F2A1CC335D09E9B7633582016846F
Reporter	abuse_ch
Tags:	dll Dridex

Intelligence

File Origin

# of uploads :

2

# of downloads :

114

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/116503/

Detection(s):

SecuriteInfo.com.Trojan.Dridex.735.1531.18804.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/604419

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zl5s6rm4emunnz2vyjyrb7tlkhg4yoremge2sq7qk5gfy4jhccbq._file

Verdict:

unknown

Similar samples:

27b86c92d6a04f4074462098e1ea9c0142816b66667effecb36ccde317458166

537bb013b6a0355a7cd93dfb789969aeb6a74659f92212c5678c199c39715e97

d2a72dc9290be1238a427f6feda1bd34ac665134ee4118a42a53da02d808a762

fcb6176fe71dbce1d5474b52e65726dfd4687c6b72f31e7099ac5d79328f681e

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210210-svcd8hzmsj/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083

MD5 hash:

e3b8259615d2b1ecb4140b4779938cdb

SHA1 hash:

b76ab6888bb05f82e6aa3d217678db1a96b46197

Link:

https://www.unpac.me/results/8ab53027-a58b-4dee-ac96-659ef7d7def1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Dridex

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll cafb2f459c2328d6e755c27110fe6b51cdcc3a246189a943f0574c5c71271083

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/995070/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/116503/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample