MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450
SHA3-384 hash:	502d0f1bb5b5cc902eb412a72542d5eb76b734aaa50a9f9a5359f5e1217e5755ee2a20562a9642e953b0c9b3f2bc5aea
SHA1 hash:	302b7da0d9472c75869d6c48eee9fb6b652dc618
MD5 hash:	ee69629c63e45daebdd031f840562b34
humanhash:	earth-colorado-social-charlie
File name:	ghen5nlzip
Download:	download sample
Signature	Dridex Create hunting rule
File size:	569'688 bytes
First seen:	2020-11-12 12:19:43 UTC
Last seen:	2024-07-24 21:56:12 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	108c03d319577150f623cda6e1e3914f (4 x Dridex)
ssdeep	6144:7+dBKd3douH2Hnfe1DAXxlzn15BnyR1vwVYhQU7g/FHvY:6do1i21sBlDpyR19h7E/Fw
Threatray	80 similar samples on MalwareBazaar
TLSH	A8C4E590BDA51261E4AD0E32264779BB05DB3443FB73612626E77FE4E4B01B43DBA321
Reporter	JAMESWT_WT
Tags:	Dridex

Code Signing Certificate

Organisation:	TBSEQCGSOBCPOMFNNU
Issuer:	TBSEQCGSOBCPOMFNNU
Algorithm:	sha1WithRSA
Valid from:	Nov 11 20:08:47 2020 GMT
Valid to:	Dec 31 23:59:59 2039 GMT
Serial number:	0A666F80D69E2CBE4E5FBDFDE16A2D73
Thumbprint Algorithm:	SHA256
Thumbprint:	DA7DDC6C87599AC15E01FAE840A74BFF38789F79DA66FD83C68A5D308477CF84
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Mal.EncPk-APV.17592.16596.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Sending a custom TCP request

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/532583

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450/

Threat name:

Win32.Infostealer.Dridex

Status:

Malicious

First seen:

2020-11-12 12:19:22 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

25 of 29 (86.21%)

Threat level:

5/5

Verdict:

malicious

Label(s):

dridex

Result

Malware family:

dridex

Score:

10/10

Tags:

family:dridex botnet discovery evasion loader trojan

Link:

https://tria.ge/reports/201112-zgphfxrh7s/

Behaviour

Suspicious use of WriteProcessMemory

Checks installed software on the system

Checks whether UAC is enabled

Blacklisted process makes network request

Dridex Loader

Dridex

Malware Config

C2 Extraction:

77.220.64.39:443
69.164.207.140:3388
78.47.139.43:4443
103.244.206.74:33443

Unpacked files

SH256 hash:

d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450

MD5 hash:

ee69629c63e45daebdd031f840562b34

SHA1 hash:

302b7da0d9472c75869d6c48eee9fb6b652dc618

Link:

https://www.unpac.me/results/d12dc867-69bb-4d08-9061-eaf62244c1fa/

SH256 hash:

c4ed5400808a7fdff1cdc47d4a434935c94e259b26cad93dc28af2c4c5596762

MD5 hash:

889adce205542ca1eed34a3cc4c7a1c3

SHA1 hash:

b308a0f9096b371162e91ffa62da750e5e46cdc1

Link:

https://www.unpac.me/results/d12dc867-69bb-4d08-9061-eaf62244c1fa/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll d7093640c50ebce8ea387148099bb0e30c9387d2748f728f10398dfd4e365450

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/807846/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/807836/

URLhaus

https://urlhaus.abuse.ch/url/807879/

URLhaus

https://urlhaus.abuse.ch/url/808417/

URLhaus

https://urlhaus.abuse.ch/url/808613/

URLhaus

https://urlhaus.abuse.ch/url/807464/

URLhaus

https://urlhaus.abuse.ch/url/807434/

URLhaus

https://urlhaus.abuse.ch/url/807838/

URLhaus

https://urlhaus.abuse.ch/url/807432/

URLhaus

https://urlhaus.abuse.ch/url/807455/

URLhaus

https://urlhaus.abuse.ch/url/807857/

URLhaus

https://urlhaus.abuse.ch/url/807860/

URLhaus

https://urlhaus.abuse.ch/url/807844/

URLhaus

https://urlhaus.abuse.ch/url/807421/

URLhaus

https://urlhaus.abuse.ch/url/807441/

URLhaus

https://urlhaus.abuse.ch/url/807424/

URLhaus

https://urlhaus.abuse.ch/url/807840/

URLhaus

https://urlhaus.abuse.ch/url/807451/

URLhaus

https://urlhaus.abuse.ch/url/807456/

URLhaus

https://urlhaus.abuse.ch/url/807854/

URLhaus

https://urlhaus.abuse.ch/url/807429/

URLhaus

https://urlhaus.abuse.ch/url/807449/

URLhaus

https://urlhaus.abuse.ch/url/807438/

URLhaus

https://urlhaus.abuse.ch/url/807845/

URLhaus

https://urlhaus.abuse.ch/url/807848/

URLhaus

https://urlhaus.abuse.ch/url/807884/

URLhaus

https://urlhaus.abuse.ch/url/807842/

URLhaus

https://urlhaus.abuse.ch/url/808612/

URLhaus

https://urlhaus.abuse.ch/url/807471/

URLhaus

https://urlhaus.abuse.ch/url/807452/

URLhaus

https://urlhaus.abuse.ch/url/807443/

URLhaus

https://urlhaus.abuse.ch/url/808610/

URLhaus

https://urlhaus.abuse.ch/url/807450/

URLhaus

https://urlhaus.abuse.ch/url/807850/

URLhaus

https://urlhaus.abuse.ch/url/807847/

URLhaus

https://urlhaus.abuse.ch/url/807469/

URLhaus

https://urlhaus.abuse.ch/url/807894/

URLhaus

https://urlhaus.abuse.ch/url/807835/

URLhaus

https://urlhaus.abuse.ch/url/808615/

URLhaus

https://urlhaus.abuse.ch/url/807437/

URLhaus

https://urlhaus.abuse.ch/url/808616/

URLhaus

https://urlhaus.abuse.ch/url/807858/

URLhaus

https://urlhaus.abuse.ch/url/807445/

URLhaus

https://urlhaus.abuse.ch/url/807447/

URLhaus

https://urlhaus.abuse.ch/url/807467/

URLhaus

https://urlhaus.abuse.ch/url/807885/

URLhaus

https://urlhaus.abuse.ch/url/808609/

URLhaus

https://urlhaus.abuse.ch/url/807859/

URLhaus

https://urlhaus.abuse.ch/url/807433/

URLhaus

https://urlhaus.abuse.ch/url/807869/

URLhaus

https://urlhaus.abuse.ch/url/807472/

URLhaus

https://urlhaus.abuse.ch/url/808611/

URLhaus

https://urlhaus.abuse.ch/url/807426/

URLhaus

https://urlhaus.abuse.ch/url/807901/

URLhaus

https://urlhaus.abuse.ch/url/807425/

URLhaus

https://urlhaus.abuse.ch/url/807843/

URLhaus

https://urlhaus.abuse.ch/url/807430/

URLhaus

https://urlhaus.abuse.ch/url/807855/

URLhaus

https://urlhaus.abuse.ch/url/807428/

URLhaus

https://urlhaus.abuse.ch/url/807427/

URLhaus

https://urlhaus.abuse.ch/url/807837/

URLhaus

https://urlhaus.abuse.ch/url/807470/

URLhaus

https://urlhaus.abuse.ch/url/807880/

URLhaus

https://urlhaus.abuse.ch/url/807448/

URLhaus

https://urlhaus.abuse.ch/url/808606/

URLhaus

https://urlhaus.abuse.ch/url/807909/

URLhaus

https://urlhaus.abuse.ch/url/807468/

URLhaus

https://urlhaus.abuse.ch/url/807904/

URLhaus

https://urlhaus.abuse.ch/url/807900/

URLhaus

https://urlhaus.abuse.ch/url/807431/

URLhaus

https://urlhaus.abuse.ch/url/807423/

URLhaus

https://urlhaus.abuse.ch/url/808448/

URLhaus

https://urlhaus.abuse.ch/url/807911/

URLhaus

https://urlhaus.abuse.ch/url/807839/

URLhaus

https://urlhaus.abuse.ch/url/807466/

URLhaus

https://urlhaus.abuse.ch/url/807439/

URLhaus

https://urlhaus.abuse.ch/url/807902/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample