MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c
SHA3-384 hash: e000f511bac79673c4a8e3b3c5473db2efada032007782d6df51c07f8918e5c67427a8ed77cd61a654be95bf8383ffec
SHA1 hash: 0044a2f69081cd4ae156a8b2e524be659a4817c3
MD5 hash: dae0c390f2fb2a870d5190d9fae855df
humanhash: social-fifteen-maine-five
File name:bltajns.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:427'008 bytes
First seen:2020-12-02 16:44:10 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash fe6c357471f98bf9193c6908cc95834e (2 x Dridex)
ssdeep 12288:+GTOGQ7DstX8FM9zxh/d/GMqLTXiLsnyfndmLBMy:ylsx8FMhReMqLzi0em9M
Threatray 186 similar samples on MalwareBazaar
TLSH 6A94BECA8BB14FB4EA9267383729BB53015D6C3BD6014D07B7AC3148ADF1288F967B51
Reporter James_inthe_box
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106437/
Detection(s):
SecuriteInfo.com.Trojan.Dridex.735.2104.19299.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Artemis6D20DFCE2052.13796.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/553823
Signature
Detected Dridex e-Banking trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-12-02 15:41:36 UTC
File Type:
PE (Dll)
Extracted files:
26
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
4b1f2c18b149fd0e878c362ffba50bb553d7bea93a795b33e398d032dc0b7663
Dridex
8ceb186696c9bda47466e5ecd1d0f0d5f93318e8bdc6b42454dd3be884e99e33
Dridex
9ca6330ecc859154893e48bed53317005670c23c5d58bca8e991177cbb7324e9
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
a888a7f5140bad661317264229075089b1c8e1267984b3d495a39a5f5638a419
Dridex
b12b65a39a6261016b7473cfd08c316cee6958739e00bb746331bdfb52b4b0bb
Dridex
bd0d627ee3975e635af6f305cd303e77ed0d03e59d5de8334b3ea00ff771af0d
Dridex
e20dadb65651d81743aae5451f4f63d6fd7a7da48d4bf71af247a033ac46ee11
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
+ 176 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201202-12atklm7ya/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
185.59.223.86:443
123.231.252.10:4646
85.25.109.116:3889
91.83.93.89:4643
Unpacked files
SH256 hash:
d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c
MD5 hash:
dae0c390f2fb2a870d5190d9fae855df
SHA1 hash:
0044a2f69081cd4ae156a8b2e524be659a4817c3
Link:
https://www.unpac.me/results/8b3f3c88-f339-4dbe-83f0-7b5d7ab479b7/
SH256 hash:
d51f45c06e0e2ccc50c218313041c3acadecffc42556351b49ebd4bbe43df9ba
MD5 hash:
7cb3be09fe66c790137854ccf8d804a8
SHA1 hash:
cfb563439b14ebd095107ccc79f715313630874b
Link:
https://www.unpac.me/results/8b3f3c88-f339-4dbe-83f0-7b5d7ab479b7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/106437/
  
URLhaus
https://urlhaus.abuse.ch/url/882791/
  
URLhaus
https://urlhaus.abuse.ch/url/882769/
  
URLhaus
https://urlhaus.abuse.ch/url/882773/
  
URLhaus
https://urlhaus.abuse.ch/url/882776/
  
URLhaus
https://urlhaus.abuse.ch/url/882790/
  
URLhaus
https://urlhaus.abuse.ch/url/882763/
  
URLhaus
https://urlhaus.abuse.ch/url/882811/
  
URLhaus
https://urlhaus.abuse.ch/url/882812/
  
URLhaus
https://urlhaus.abuse.ch/url/882778/
  
URLhaus
https://urlhaus.abuse.ch/url/882775/
  
URLhaus
https://urlhaus.abuse.ch/url/882810/
  
URLhaus
https://urlhaus.abuse.ch/url/883019/

Comments