MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d
SHA3-384 hash: c61987a557adb0d95db83075edd5e9518b433ed9b25b19268ecb63278b827d926010483027deea3f491b42d8a0d702c0
SHA1 hash: 80948ebfec9614f2675d7e3128eb0baed6864bf6
MD5 hash: f838a5ee43d5c3587e08fdde0ccabfbf
humanhash: early-pizza-earth-colorado
File name:d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d
Download: download sample
Signature Dridex
Create hunting rule
File size:2'637'824 bytes
First seen:2021-09-24 06:03:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6668be91e2c948b183827f040944057f (1'006 x Dridex)
ssdeep 12288:9VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1oO3H:kfP7fWsK5z9A+WGAW+V5SB6Ct4bnb3
Threatray 968 similar samples on MalwareBazaar
TLSH T179C58B10FFB245D2C09DF73D788D3412B2B36A60811F869D824F631E5CA5B913E6E99B
Reporter JAMESWT_WT
Tags:Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d
Verdict:
No threats detected
Analysis date:
2021-09-24 06:07:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/66d9ac2e-1fa8-4991-be64-f728fb302278

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/190960/
Detection(s):
Win.Packed.Razy-9769561-0
Create hunting rule

Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12f285e4-6a1c-4075-8377-eac603f59d2d
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/857306
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Benign windows process drops PE files
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Queues an APC in another process (thread injection)
Uses Atom Bombing / ProGate to inject into other processes
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 489736 Sample: YEkJ9287Wc Startdate: 24/09/2021 Architecture: WINDOWS Score: 100 42 Antivirus detection for dropped file 2->42 44 Antivirus / Scanner detection for submitted sample 2->44 46 Multi AV Scanner detection for submitted file 2->46 48 4 other signatures 2->48 8 loaddll64.exe 1 2->8         started        process3 signatures4 52 Changes memory attributes in foreign processes to executable or writable 8->52 54 Uses Atom Bombing / ProGate to inject into other processes 8->54 56 Queues an APC in another process (thread injection) 8->56 11 rundll32.exe 8->11         started        14 rundll32.exe 8->14         started        16 cmd.exe 1 8->16         started        18 16 other processes 8->18 process5 signatures6 58 Changes memory attributes in foreign processes to executable or writable 11->58 60 Uses Atom Bombing / ProGate to inject into other processes 11->60 20 explorer.exe 2 91 11->20 injected 24 rundll32.exe 16->24         started        process7 file8 34 C:\Users\user\AppData\Local\gRZ7Ho\SPP.dll, PE32+ 20->34 dropped 36 C:\Users\user\AppData\Local\SyTs\MFC42u.dll, PE32+ 20->36 dropped 38 C:\Users\user\AppData\LocaluW\UxTheme.dll, PE32+ 20->38 dropped 40 37 other files (5 malicious) 20->40 dropped 50 Benign windows process drops PE files 20->50 26 BitLockerWizardElev.exe 20->26         started        28 MusNotifyIcon.exe 20->28         started        30 MusNotifyIcon.exe 20->30         started        32 4 other processes 20->32 signatures9 process10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d/
Threat name:
Win64.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-09-23 05:29:00 UTC
AV detection:
34 of 45 (75.56%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
1c3bc54d1cf0f57192ce216be3c7da7ce4ea60d75b2cf28c1d638f3e2d221413
Dridex
23522a7ef91b6ce63bc20377743fdc98d50ba4dc3593f3ca60e8439f029c21f9
Dridex
34cb120651e526fd278ad35258b6517a3d939284f045b8c7e5c69fa33b84698f
Dridex
4003194f26cc503188bda1070d57ae5b32a73220cf3dbbcb45a5c574d90c19e3
Dridex
5178e8d070048a784195fc453c7c9a0092d469567776087eb6c6cf06d037ce58
Dridex
9355ac8b3838829c6151f202d04e67bad10abf695def225a22f1172929276516
Dridex
b5189336c5bf6e23a022bed7f91847703f6a674fed6a51d99d90b9bc16aca80b
Dridex
b9c7ad4091cc16a10e0789ef95bae8905c2b45e195fd69feea02c75e98a280fd
Dridex
c02b8d10400f0d55b54798607f28a991a59d1f02d37fa8f11adff9d7bf23daa2
Dridex
fa34b502d4daa420bd4b368685e63c5fbddbde26811edf03af37dea7075e3dfd
Dridex
+ 958 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet evasion payload persistence trojan
Link:
https://tria.ge/reports/210924-gsmrnagab8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Executes dropped EXE
Dridex Shellcode
Dridex
Unpacked files
SH256 hash:
d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d
MD5 hash:
f838a5ee43d5c3587e08fdde0ccabfbf
SHA1 hash:
80948ebfec9614f2675d7e3128eb0baed6864bf6
Link:
https://www.unpac.me/results/ae28d7ca-86df-4334-a376-7e15f5053785/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/d90220ddf4ad/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/d90220ddf4ad377e6a9f6a2937ac57cad92933aaef4bea100b1c7593a55a795d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/190960/

Comments