MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3d026f833f38db4e9c43dd3b7371c3826e39d16ed6c0dfd69301584c6ac4783. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 4



SHA256 hash: d3d026f833f38db4e9c43dd3b7371c3826e39d16ed6c0dfd69301584c6ac4783
SHA3-384 hash: f3d508546c7c7a289bda83fe28dcd13195b1f647e5c3c0ed4f8f24d16f2f09281658c1a4dfa030831711e609c38ec455
SHA1 hash: f5e36e0b976c0df4a190af50e19a7bdd21676580
MD5 hash: 224e0c5a6e94688d7210f23d63f820a4
humanhash: ceiling-island-enemy-iowa
File name: fprl.exe
Signature: Dridex
File size: 221'184 bytes
First seen: 2020-03-26 15:22:30 UTC
Last seen: 2020-03-26 16:41:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 92c924c24df0e35b6e1181ef84120afd (2 x Dridex)
ssdeep: 6144:vCmm5cj/3bzB/6b/ncBTSIYJHOxS5RuvsN3vC5V64Gd7:vLycjfp/IncBT7YJvuv63vC
Threatray: 314 similar samples on MalwareBazaar
TLSH: 8324E07027FBE648F5F54B780AB5EBC26A367D50DA71C91E9F024A8F4475A00EC24B13
Reporter: James_inthe_box
Tags: Dridex exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Dridex
Status: Malicious
First seen: 2020-03-26 15:22:17 UTC
File Type: PE (Exe)
AV detection: 26 of 30 (86.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: win_dridex_g2
Author: Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                          Title                                                     Severity
CHECK_AUTHENTICODE          Missing Authenticode                                      high
CHECK_DLL_CHARACTERISTICS   Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high

Reviews

ID                  Capabilities                      Evidence
MULTIMEDIA_API      Can Play Multimedia               AVIFIL32.dll::AVIStreamStart
                                                      WINMM.dll::midiOutGetDevCapsW
WIN32_PROCESS_API   Can Create Process and Threads    KERNEL32.dll::CloseHandle
