MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38
SHA3-384 hash: d142cae5c85edbf5e41a557884ee9102bb5a0696e9d5769d696be4d663c1ef0ee05f76296e1fece93e480cd2bc7e2280
SHA1 hash: f72965ef856be9cc8f3264cfd818d223f66f3f2c
MD5 hash: 0c0c38134875c72afde26826cd71d3c4
humanhash: pennsylvania-one-alanine-alpha
File name:0c0c38134875c72afde26826cd71d3c4
Download: download sample
Signature Dridex
Create hunting rule
File size:179'200 bytes
First seen:2021-07-27 08:52:37 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 038ee71bd4ea63acaf586d3475ef17a1 (6 x Dridex)
ssdeep 3072:1nY5bY8XE+kkqh84cKcv4FinaLzL2rVQLOmpvNbTAvfstOr18T:lRAkkk84e4wne2nmhFAvf4O
Threatray 8'794 similar samples on MalwareBazaar
TLSH T19904CF51D2DF2AD9C41E97BC11947A0976B07EC2CB28C078E266C4BCEF7BD4649E4326
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/174299/
Detection(s):
SecuriteInfo.com.Variant.Graftor.981531.18311.6054.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5ad89949-0e87-49ec-b737-3e57ce8b7283
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/822227
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Found PHP interpreter
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2021-07-27 00:58:22 UTC
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
doppeldridex
Create hunting rule
dridex
Create hunting rule
Similar samples:
0f52e85eae79fb03bd9b391bc9753417cd066990a41251d385f55e2c9c7b4b53
Dridex
1718966d91a317e8d16a0015e8f24c295f8ce978af37acef7cdbc9d76934c100
Dridex
32d52214cf5e988fcea03d7edc9f775b22da0a886c75f37ceebd9a0b054a1391
Dridex
438c66fb365afa484518a37f4c1ad95b9d5d4990ae6e84d3a3609dcba035a415
Dridex
540ffe6a7836cf941f49b5b9110ad53943c7abd552f3273cdfd9fed7c938085c
Dridex
b2bcb01b2c4755ae460bcd5d2b80bac2b487c6496f9d2db34a0f84a3ffe6084e
Dridex
b556487ae4d889236c1626083b0c9d45a29a5c3bc4e087bf2e3245b6a18ed2db
Dridex
c6ec076b4821de409d2fa1416b8419635421b732960a62e62bac6161040ab342
Dridex
e08fa4239a4c5ed68a5efd79953489da0ba5c3505c19888be83533dea837f99c
Dridex
fbd108648a43add9a2e400640f3e60a7f31971d748ad0e3f8531a17fa328e7c6
Dridex
+ 8'784 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:22201 botnet evasion loader trojan
Link:
https://tria.ge/reports/210727-4r5z26gkhn/
Behaviour
Suspicious use of WriteProcessMemory
Checks whether UAC is enabled
Dridex Loader
Dridex
Malware Config
C2 Extraction:
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Unpacked files
SH256 hash:
5bf852452d813f27ecf1c13259164766b496f7882acad7794ad5844efe52a72c
MD5 hash:
d3f69f8c8abc8443ed4f96e49ffb6e19
SHA1 hash:
f5083b71c6b22de6592bcff17dfdbdeef3e69654
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/948e1aad-05b2-4f06-8090-d472dfcd36d5/
Parent samples :
b2bcb01b2c4755ae460bcd5d2b80bac2b487c6496f9d2db34a0f84a3ffe6084e
fbd108648a43add9a2e400640f3e60a7f31971d748ad0e3f8531a17fa328e7c6
1718966d91a317e8d16a0015e8f24c295f8ce978af37acef7cdbc9d76934c100
0f52e85eae79fb03bd9b391bc9753417cd066990a41251d385f55e2c9c7b4b53
ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38
438c66fb365afa484518a37f4c1ad95b9d5d4990ae6e84d3a3609dcba035a415
SH256 hash:
09d711edc6e21a610ae38988c8234af0eaac811590be67229980a98125eeb1e7
MD5 hash:
45043b2a55ade34b5527c393786d82ee
SHA1 hash:
124360c76808eca4ff5a36c5dad08656287cd66d
Detections:
win_doppeldridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/948e1aad-05b2-4f06-8090-d472dfcd36d5/
SH256 hash:
ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38
MD5 hash:
0c0c38134875c72afde26826cd71d3c4
SHA1 hash:
f72965ef856be9cc8f3264cfd818d223f66f3f2c
Link:
https://www.unpac.me/results/948e1aad-05b2-4f06-8090-d472dfcd36d5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll ccde7438b5015713fef79809dd2fa46a1cd2ee5f81f53b322f3ec716dc6e4e38

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1484147/
Cape
Cape
https://www.capesandbox.com/analysis/174299/

Comments


Avatar
zbet commented on 2021-07-27 08:52:38 UTC

url : hxxp://fastfreeupdates.com:8088/tpls/avatar_sTQx.png