MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43
SHA3-384 hash: fdd2f7f8872a1a9472f28891ea16db5c86dbc294ab5202058b0149426d79dcd4c700eaec03f9303c7558c2d972b91757
SHA1 hash: 804357d2db86df848cf52369236fde45fd61db2e
MD5 hash: 76590750b6933c89a6fd7007812a5897
humanhash: robert-asparagus-burger-lion
File name:76590750b6933c89a6fd7007812a5897
Download: download sample
Signature Dridex
Create hunting rule
File size:167'936 bytes
First seen:2021-07-14 16:22:55 UTC
Last seen:2021-07-14 17:07:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e92132005097daafddd51d9c4d138d88 (6 x Dridex)
ssdeep 3072:a7p3dQo86PI7e2seiJPWZ6Ox1uTQjY48+STfLbh9w47sIF:g3dyj7NseoPOx1KQU5TTbbT
Threatray 4'571 similar samples on MalwareBazaar
TLSH T197F302D1B38B11FEFD5D6470960BA9A612A70C29C37CCAE7E110DC917DE48FB283552A
Reporter zbetcheckin
Tags:32 Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
76590750b6933c89a6fd7007812a5897
Verdict:
Suspicious activity
Analysis date:
2021-07-14 16:45:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c297eaa0-ec64-4f53-a6ec-e8eec5561148

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/171767/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.29294.8671.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4c457ae6-f7ea-43d4-bf4b-19fb87c405b5
Result
Threat name:
Dridex Dropper
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/816410
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Dridex dropper found
Found malware configuration
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Tries to detect virtualization through RDTSC time measurements
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-07-14 16:23:07 UTC
File Type:
PE (Exe)
AV detection:
25 of 46 (54.35%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
doppeldridex
Create hunting rule
dridex
Create hunting rule
Similar samples:
4ec406d75588c4e395c1a5b93bf43da319684352061cf42876c704d92a52df92
Dridex
60292d0e9ee95a94029fc83e6caebd7d8bbc694bef446d90519df743cbc45cfe
Dridex
635bda46af22563c2c46cbd6d4768f6544758876e8e8fdf859f73730dd7a4112
Dridex
92bab194eb8d9e8189b184caef04bfc4e8b375ec095cd027d94a5fec73747e53
Dridex
9ff01c0edcf9082323a22fc225b4f2f7c9ff6d5b1f7c8d76c94da83b4c37ec25
Dridex
9ffe349bfcaac3ceffbbb5accf85814b0e08d204a02b63a9df9681235a464ecc
Dridex
bf18f7795978afc865f65d3e4618289a9a2f983dcb8f554c233354cfe7ab5f52
Dridex
f418e50acd39dd9daf5a6f7ef7e18be397ee1850854333c6865d3ea0b6030111
Dridex
ff59f0cfc113ec9637aad80512fa7da4a2e77a0ac6ee26a055d73f00607d3217
Dridex
+ 4'561 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:22201 botnet evasion loader trojan
Link:
https://tria.ge/reports/210714-h36tv4dd92/
Behaviour
Checks whether UAC is enabled
Dridex Loader
Dridex
Malware Config
C2 Extraction:
202.29.60.34:443
66.175.217.172:13786
78.46.78.42:9043
Unpacked files
SH256 hash:
f70719031d4b70dba250686e1677846c46dc9268fd5282f9cc982ae656edb95d
MD5 hash:
77bc0bb42fd5744266d5ec906f1233b1
SHA1 hash:
f924ec4630abe51c91a2c06558f9c0a25ed9db91
Detections:
win_doppeldridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/026715ae-d17f-42fd-9048-abba9c3fa72e/
SH256 hash:
d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43
MD5 hash:
76590750b6933c89a6fd7007812a5897
SHA1 hash:
804357d2db86df848cf52369236fde45fd61db2e
Link:
https://www.unpac.me/results/026715ae-d17f-42fd-9048-abba9c3fa72e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.96
Link:
https://yomi.yoroi.company/submissions/d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexLoader
Create hunting rule
Author:kevoreilly
Description:Dridex v4 dropper C2 parsing function
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time
Rule name:win_doppeldridex_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.doppeldridex.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

Executable exe d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1454363/
Cape
Cape
https://www.capesandbox.com/analysis/171767/
  
URLhaus
https://urlhaus.abuse.ch/url/1454514/
  
URLhaus
https://urlhaus.abuse.ch/url/1454884/
  
URLhaus
https://urlhaus.abuse.ch/url/1454903/
  
URLhaus
https://urlhaus.abuse.ch/url/1454908/
  
URLhaus
https://urlhaus.abuse.ch/url/1454913/
  
URLhaus
https://urlhaus.abuse.ch/url/1454916/
  
URLhaus
https://urlhaus.abuse.ch/url/1454942/
  
URLhaus
https://urlhaus.abuse.ch/url/1454950/
  
URLhaus
https://urlhaus.abuse.ch/url/1454966/
  
URLhaus
https://urlhaus.abuse.ch/url/1454978/
  
URLhaus
https://urlhaus.abuse.ch/url/1454980/
  
URLhaus
https://urlhaus.abuse.ch/url/1454990/
  
URLhaus
https://urlhaus.abuse.ch/url/1455003/
  
URLhaus
https://urlhaus.abuse.ch/url/1455004/
  
URLhaus
https://urlhaus.abuse.ch/url/1455017/
  
URLhaus
https://urlhaus.abuse.ch/url/1455020/
  
URLhaus
https://urlhaus.abuse.ch/url/1455026/

Comments


Avatar
zbet commented on 2021-07-14 16:22:58 UTC

url : hxxp://insiderushings.com:8088/templates/file7.bin