MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e4a34d13bbfccea5715e95b34c4b2a61b9c920752865add848cd43eac04869. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash: d3e4a34d13bbfccea5715e95b34c4b2a61b9c920752865add848cd43eac04869
SHA3-384 hash: a793fb46288aab6f56a033e23de9add5da74eaed3b2dd11d570cfb374192cb2fc5ff81204691993af6752da867d108c6
SHA1 hash: c90e5c7df3e09450fa1925240731dc3c174de680
MD5 hash: 5f5a92d0ecb1527fff45ea4a88f2802d
humanhash: fifteen-maine-one-beryllium
File name:d3e4a34d13bbfccea5715e95b34c4b2a61b9c920752865add848cd43eac04869
Download: download sample
Signature Dridex
File size:188'416 bytes
First seen:2021-02-23 12:30:14 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 296c5ce0ec7abebda668048df2df9b05 (17 x Dridex)
ssdeep 3072:PZ/Aq5HJv6rBXHdH1iF3P74buGdSg4GeLfqMsnwXB:PbRQBXHtq3PUbt3te7Bsn
Threatray 31 similar samples on MalwareBazaar
TLSH EC048E2DE2EFD9A4F6F33630293642219F257C92DA7CDD1C9B08964E98F01E4C994736
Reporter Cryptolaemus1
Tags:111 Dridex


Avatar
Cryptolaemus1
Dridex 111

Intelligence


File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Result
Threat name:
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Drixed
Status:
Malicious
First seen:
2021-02-23 12:31:06 UTC
AV detection:
17 of 47 (36.17%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:dridex botnet:111 botnet discovery evasion loader trojan
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
162.13.114.59:443
70.39.99.196:8172
37.187.115.122:6601
Unpacked files
SH256 hash:
61128ec28b7216fe174258dff9946cd32e9e5b8fc60ab787a5a0a61a8b308f11
MD5 hash:
726608aa0655e098d3234e9174db8ea6
SHA1 hash:
7fe3f25c0c10960f1b1b7cbf1175911a09a304b5
SH256 hash:
d3e4a34d13bbfccea5715e95b34c4b2a61b9c920752865add848cd43eac04869
MD5 hash:
5f5a92d0ecb1527fff45ea4a88f2802d
SHA1 hash:
c90e5c7df3e09450fa1925240731dc3c174de680
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexV4
Author:kevoreilly
Description:Dridex v4 Payload
Rule name:MALWARE_Win_DLLLoader
Author:ditekSHen
Description:Detects unknown DLL Loader
Rule name:win_dridex_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments