MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3
SHA3-384 hash: c16abce4231c4d47b35cca6d07d7dadabbafdfc4343a0b6f30b5b0e659c2f821e0acda564a65ec2ac126bbdd4d101d07
SHA1 hash: f661483da05e57e6a51d0993ed1cceb99e0ef3e0
MD5 hash: 4d18f64d5c203f5847ca937ab9c9b4ac
humanhash: michigan-zebra-fruit-william
File name:Cs3xTXhrij.php
Download: download sample
Signature Dridex
Create hunting rule
File size:159'744 bytes
First seen:2020-11-30 18:40:56 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash d018da091368ddf894984e8df4922b17 (3 x Dridex)
ssdeep 3072:G04MGfObYfRcmyT79rK3WLLnjsIMU8Tr5XgRq:G04MepcmyT7w3WLBMU8xX
Threatray 33 similar samples on MalwareBazaar
TLSH 2EF3D08422606CF3C3B25F325213BB2AF9B5AC0E8926DB45CACE3DB5DBDD1841516E1D
Reporter GovCERT_CH
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106092/
Detection(s):
SecuriteInfo.com.Generic.mg.275e621895d2a822.31741.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
23 / 100
Link:
https://www.joesandbox.com/analysis/551276
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 324753 Sample: Cs3xTXhrij.php Startdate: 30/11/2020 Architecture: WINDOWS Score: 23 13 g.msn.com 2->13 15 Machine Learning detection for sample 2->15 7 loaddll32.exe 1 2->7         started        signatures3 process4 process5 9 WerFault.exe 3 9 7->9         started        11 WerFault.exe 3 9 7->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-30 18:41:14 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
117575378cdb8417249631f97692b696143e893ba230b972e742f8f3a4f9efaa
Dridex
1c0a62a8d16705a2e1a38e0a4b310dbf40ce71e1a2a4c554e35a15ebfc28cb0f
Dridex
1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc
Dridex
662c21ee2aab3a65de038e9d1d3765093c2dddb0eb4a6ed73799b074f74bb8b9
Dridex
9492c6842475059a6af7f4b8c42e03944f08938243fa393713a5a6a930d79bcd
Dridex
95207a682e024efd1ea2364fd3c19484d70600ee931fb7c1a88d210cebbe8cc6
Dridex
b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
Dridex
ca59edc0f721f34fa3178168dcc138947f1370d1672a9653e42eec0327f2ec6a
Dridex
f1f67040aaaaabf6754310829696ba9fd783991ab89e476dfa8c8e698841ce34
Dridex
fad001d463e892e7844040cabdcfa8f8431c07e7ef1ffd76ffbd190f49d7693d
Dridex
+ 23 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/201130-nc2vw169zn/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
192.175.111.220:443
64.225.35.35:3098
208.71.173.207:3098
217.79.184.242:4443
Unpacked files
SH256 hash:
0cb521c80f53776162118ed7599cd2428d03ef657afed7e113eac8d7e0efc611
MD5 hash:
613ac39b3587e100319733db128eede9
SHA1 hash:
ac666c8aadf12da371ddea030627bcc886b7c2fe
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/5393b8fe-8e97-42e9-81e2-82615ad24f3d/
Parent samples :
1d00275235ee548ab9a9e75b6a5c78bd94a95b5611494f633f2173e3fba11fbc
d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3
62c45e44733f5b35caffc143a3e8cdb120b40f49dda103524739d22019d2835a
SH256 hash:
2d0bdd681b013db07fb42fbaea95cc2fa9d2edd0e95ad2a5190d108845596896
MD5 hash:
0481a17efa6fd8bbaa3a9684daf11cc1
SHA1 hash:
360fd8b85024b1a802637a7cb3aa3974955d0c78
Link:
https://www.unpac.me/results/5393b8fe-8e97-42e9-81e2-82615ad24f3d/
SH256 hash:
d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3
MD5 hash:
4d18f64d5c203f5847ca937ab9c9b4ac
SHA1 hash:
f661483da05e57e6a51d0993ed1cceb99e0ef3e0
Link:
https://www.unpac.me/results/5393b8fe-8e97-42e9-81e2-82615ad24f3d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dridex
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Word file doc ab429884cfc510c2dbb4538341a55737a265cb98c822f92323cb408eb668446c

Dridex

DLL dll d6ede8bb0efc6675aa83e08fe7c15ac4f273127373d9677c32e64d7314853db3

(this sample)

  
Dropped by
MD5 e9e990668a43a41566da9704c2076e02
  
Dropped by
Dridex
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/106092/
  
Dropped by
SHA256 ab429884cfc510c2dbb4538341a55737a265cb98c822f92323cb408eb668446c

Comments