MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f
SHA3-384 hash: 3b8e866d95560f459492c9d0d950aafdbb2b809da5befc123d71a865d12989c2e1232315fbdc651626a39c207c224137
SHA1 hash: 124c71db17a11b241f823647dfc1b42c655d57cd
MD5 hash: 97f900f84ae5b69b763e3ddb80d2200a
humanhash: sweet-apart-coffee-four
File name:SecuriteInfo.com.Mal.EncPk-APV.3900.19569
Download: download sample
Signature Dridex
Create hunting rule
File size:303'104 bytes
First seen:2020-12-14 19:39:48 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 44323194308d203d3e24e33067a1ef8a (3 x Dridex)
ssdeep 6144:B7DrbzLzj7zL7Drjdf6f1JkbSx0/H8bVMlt7sQaB2XqLYHfcf2B2q7fECeMQz:OHx68bilhsQryYo246fEjM4
Threatray 222 similar samples on MalwareBazaar
TLSH 46546B4D2B8168B6E266E2BD71F9CF5C20F72A502774164F9CDFD1690533A0B9E890CB
Reporter SecuriteInfoCom
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/108021/
Detection(s):
SecuriteInfo.com.Mal.EncPk-APV.3900.19569.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/562563
Signature
Detected Dridex e-Banking trojan
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-12-14 19:15:16 UTC
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=24ffgo24756l2xh5lfy5oa24a7wdxugledbroh35vmlcbzltuwpq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
005e9151ee4b6399cd27d282bd53104ef59bd89fd3fb65c05cd959992f770afa
Dridex
230faee590b012da2bc8fcd3bb46405e4223f3b4dd0de58574d72a602ba0e742
Dridex
2c6110a76dda8da49195052fa561ab8b8278c02df400124e46d26d2df228b70b
Dridex
a1658b979357f174c83dcd9867941d8cd917beb3ea67720fa43b6340b27762ba
Dridex
aacb087e8f85cfd1b69dabd575e8fa48ca589ce69cc6a90e02abc96ea5731a9f
Dridex
bd0d627ee3975e635af6f305cd303e77ed0d03e59d5de8334b3ea00ff771af0d
Dridex
d5ae179e561ca5d1c70064a4566d38475d070047fff325b5e12caa4132232c5c
Dridex
ee492eda053d19e082cd88acef8825e8dfd4616d51689e2e9667f5ed9035b1df
Dridex
f4c15b1eee06d45fa6115ddcfeb24bdacf54570352e0cb713e1c5895089dae1d
Dridex
fa2c2ec137b588edf286ad4f4b35f509256499debeb854a20c89e5c80da41b72
Dridex
+ 212 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201214-f3wvwdtys2/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
77.220.64.37:443
51.15.176.55:3389
85.25.144.36:4643
139.162.53.147:4443
Unpacked files
SH256 hash:
d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f
MD5 hash:
97f900f84ae5b69b763e3ddb80d2200a
SHA1 hash:
124c71db17a11b241f823647dfc1b42c655d57cd
Link:
https://www.unpac.me/results/c00e7ea9-119a-4d7b-a0fe-d5ee7f76c251/
SH256 hash:
aaff5ea8ad962a4088b271c996f7d606666a7a51cf55daabf88a8eee393c84db
MD5 hash:
79482a2e774fc2c91fb441b2fdbcf909
SHA1 hash:
915574033ce56106330d569df3fadb2c15db9b78
Link:
https://www.unpac.me/results/c00e7ea9-119a-4d7b-a0fe-d5ee7f76c251/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll d70a533b5cff7cbd5cfd5971d7035c07ec3bd0cb20c3171f7dab1620e573a59f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/108021/
  
URLhaus
https://urlhaus.abuse.ch/url/918425/
  
Delivery method
Distributed via web download

Comments