MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748
SHA3-384 hash: 9122c0957fefda16d9def2c2c73a7d9a138b06cc411a9ce813b6fa30c7e5d143bb668727933d88132a6b8bad130ede54
SHA1 hash: 7bf148c4046981d44259b4e6f00c77e0d67e5197
MD5 hash: 83cca249d898bb2ca10c60767aa7ef7f
humanhash: oregon-south-beer-mirror
File name:d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748
Download: download sample
Signature Dridex
Create hunting rule
File size:2'658'304 bytes
First seen:2021-09-22 13:13:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6668be91e2c948b183827f040944057f (1'006 x Dridex)
ssdeep 12288:XVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:efP7fWsK5z9A+WGAW+V5SB6Ct4bnb
Threatray 901 similar samples on MalwareBazaar
TLSH T188C5D020EE69E1E6C6B89F3E9408352717F93D75110D608CC392608F5EFC6546E3E9AE
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748
Verdict:
No threats detected
Analysis date:
2021-09-22 13:19:17 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9aaaf50e-883d-4856-adef-1ca25dc98cfd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/190179/
Detection(s):
Win.Packed.Razy-9769561-0
Create hunting rule

Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/83f55123-5042-4d09-a023-4f31dca8ed4c
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/855976
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Benign windows process drops PE files
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Queues an APC in another process (thread injection)
Uses Atom Bombing / ProGate to inject into other processes
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 488406 Sample: DlOXbqaERB Startdate: 22/09/2021 Architecture: WINDOWS Score: 100 39 Antivirus detection for dropped file 2->39 41 Antivirus / Scanner detection for submitted sample 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 3 other signatures 2->45 8 loaddll64.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        13 rundll32.exe 8->13         started        15 cmd.exe 1 8->15         started        17 15 other processes 8->17 signatures5 49 Changes memory attributes in foreign processes to executable or writable 10->49 51 Uses Atom Bombing / ProGate to inject into other processes 10->51 53 Queues an APC in another process (thread injection) 10->53 19 explorer.exe 2 52 10->19 injected 23 rundll32.exe 15->23         started        process6 file7 31 C:\Users\user\AppData\Local\...\DUI70.dll, PE32+ 19->31 dropped 33 C:\Users\user\AppData\Local\...\DUser.dll, PE32+ 19->33 dropped 35 C:\Users\user\AppData\Local\...\dwmapi.dll, PE32+ 19->35 dropped 37 11 other files (1 malicious) 19->37 dropped 47 Benign windows process drops PE files 19->47 25 rdpinit.exe 19->25         started        27 rdpinit.exe 19->27         started        29 CloudStorageWizard.exe 19->29         started        signatures8 process9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748/
Threat name:
Win64.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-09-18 05:55:14 UTC
AV detection:
34 of 45 (75.56%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
18060b2d2b4c81ce3f38186d9b9df2bb41e9ee4d5c551a74bfefb6c32deb3b4b
Dridex
32583e390af0b8308d9a68c6d5c4ff8c0701a261becb6a88212a44fab59d75e7
Dridex
8a77d625b9903c5a7cb2642751ba725ff4086f4ec19767c110e7eda6b23582dd
Dridex
8f3aada3f4b53e00902e37e055b7d800a220c960b85d3e66cdc1530ec4654500
Dridex
9f45d3a052d52929548b2f3c5a232c12c55bae0b924d005f9341e7510158d21a
Dridex
abd1509baa31ef47e01de4ef7f19c74f8def9b99916741a7e009ce6b899d8b97
Dridex
b07aff83880c9d5315322e289018077face4c3992f81cf08d56ac2602e212385
Dridex
d52cda5e2490233527a71935b1e4722bdc074af16a288596d21343cc67f3b888
Dridex
df045fbbe6e05c05034f3e061fddd7967819c25f1b307c07ef803dc34ef5a73a
Dridex
fe5c928ffd6c1f298f97290cc0811c53376eb3b97fcf23e2789b8a20fb496438
Dridex
+ 891 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/210922-qf3rsacfg7/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex
Unpacked files
SH256 hash:
d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748
MD5 hash:
83cca249d898bb2ca10c60767aa7ef7f
SHA1 hash:
7bf148c4046981d44259b4e6f00c77e0d67e5197
Link:
https://www.unpac.me/results/8c72a0a9-f393-4418-84c2-f84e7a7e43f1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/d58a34c09c98cac2a888f49d5e9d793c0000c968ce1e85e7f82cac77e995b748

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/190179/

Comments