MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056
SHA3-384 hash: 69026251b5bcbcfd17b6593339b874b1a60a90b2585ff8a373594852de417cd627e361e588f5aa207961386040080078
SHA1 hash: 5bc6371805abd753699f8731f749d5557f8ecf26
MD5 hash: c185a5c9045614b377c86a1b998155f1
humanhash: tango-spring-alaska-princess
File name:d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056
Download: download sample
Signature Dridex
Create hunting rule
File size:366'080 bytes
First seen:2020-11-14 18:03:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 19538b8d0c2f0959265b262df58a068d (5 x Dridex)
ssdeep 6144:p0jl0js0j7q0jwkbqkwDrooNz3+hBkqYB0Mv/KHFLC2FfeQ7qF1FrVOVT:p0jl0js0je0jRHwAkzkmRB0iKtC2FcFs
Threatray 114 similar samples on MalwareBazaar
TLSH D674DFCAE0D79AA3D89405FE2846E7DF432E9F3D4F03B5C29B906418DA579C7C861293
Reporter seifreed
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex Dropper
Create hunting rule
Detection:
malicious
Classification:
bank.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/535999
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Dridex dropper found
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056/
Threat name:
Win32.Backdoor.Quakbot
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 18:05:21 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2cmbbyeudjolhwqxgzuuyo2lptmw2ktauel3p7etyvtjmjuf4bla._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
1da045c742cdf645ef828ae53aa213fd78697d1eaae8c928fb0351f539f0456a
Dridex
23fabd62c5e351924d90ff381ae958a25fa6266c99d9add080e1c6fa35edb6f4
Dridex
57dfc0a1fc4ef09272203a71e957fb8dc78e39007e3ded958ea977a9ae0ffe91
Dridex
7b2066ca8133226cef7b03c26b4e0f8e0dbd668a8c450a66141bd8c14a15ac1f
Dridex
add59aca7ebc19d28be1327a338a1bc71e9942b42ce3d092c9c917c6d7933af7
Dridex
c6b53c9c0fff49b51dd55c00112cb31f895a915139ff1093364b7d167ca85feb
Dridex
d54cce957aed7466de5fb35c5020d00e879fb8e02667ec0d8ea8a2dc4c2829d4
Dridex
dac2ceb27d3342ffab90e132c4f7c02f6b56c14f416241698b2d5a57857cc73e
Dridex
e5f6a67878bbb8b61000b53098e733822cbeee0b53cd83afc574a391ccc62be0
Dridex
e709f2ea257608c15b38293625cbe56694b1a8bc154fc0711f10bbc6b5895686
Dridex
+ 104 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201114-ken76y22ja/
Behaviour
Dridex Loader
Dridex
Malware Config
C2 Extraction:
194.150.118.7:443
49.212.179.180:3889
69.64.62.4:4443
Unpacked files
SH256 hash:
d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056
MD5 hash:
c185a5c9045614b377c86a1b998155f1
SHA1 hash:
5bc6371805abd753699f8731f749d5557f8ecf26
Link:
https://www.unpac.me/results/1e08411f-aec5-49db-bd8f-209f606611e4/
SH256 hash:
5150bcabe44c797d476fe37539cf8f45298b50ad3d41ae332689594b43ccb417
MD5 hash:
b259e879f4decabe6138ee831d830591
SHA1 hash:
f6e415e12379fdb2543c07f92cddeffddf382336
Link:
https://www.unpac.me/results/1e08411f-aec5-49db-bd8f-209f606611e4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
qbot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d09810e0941a5cb3da1736694c3b4b7cd96d2a60a117b7fc93c566962685e056

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_dridex_loader_v2
Create hunting rule
Author:Johannes Bader @viql
Description:detects some Dridex loaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments