MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df24b965e541f833d891035d6413afa250824f0961dcd6080732b175d3057495. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df24b965e541f833d891035d6413afa250824f0961dcd6080732b175d3057495
SHA3-384 hash: 792307c35e12057c9851187c0b9608020f73000530c2fbccd21b13072795f2a7c2b3aeb00ab325c58ee9f7f3f5b8bf7f
SHA1 hash: 2f637574dd3dd99d2a5caa1595cfdf0d92a64ee7
MD5 hash: 1820e3e20bb91f1b197f1509d98683b7
humanhash: fix-july-winter-single
File name:nni5xpwk
Download: download sample
File size:245'080 bytes
First seen:2020-06-15 12:47:58 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash c56ea0f36b0a72751d5902f37565311d (1 x Gozi, 1 x ZLoader)
ssdeep 6144:avxbGsp+y7cP/sr0HFrUiX4T4XZQYM/og:NspV8/sYCiXJQYMZ
Threatray 62 similar samples on MalwareBazaar
TLSH D534F1796A9FCE83CDBB59F08D7541A6F063319B15BD809BC9E3214C093E9B6C97130A
Reporter JAMESWT_WT
Tags:dll Dridex

Code Signing Certificate

Organisation:YIYEBWXQHAHXTYLOTE
Issuer:YIYEBWXQHAHXTYLOTE
Algorithm:sha1WithRSA
Valid from:Jun 14 19:26:50 2020 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -2CA223BBAFA27077B408C7B1EE203127
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 8375F57B296156411C7E41E1EDAE12E379CC1FAC85624CBFC55256A759BDF746
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10417/
Gathering data
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:42:50 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
07b339201b9b88b2f43d68584a102fe3c84ab0393e5869357c0b8d08367cc291
11d14048cb74288cda1a77e860fb1a9f0b150e33f10080cce8f691c9c4e949e8
3110ca3a3f271be4e055a24fb49ae3f35646cea6f99d356ea6672a3f705dcbb5
4655c0216538f752dea2ce1649807d597cd83a935f1385bdd8f418616de97b68
500be83e6624af2302e45bc91e026b776d72824cf84896839e03251c41394110
5f68e13f8bf051e68782ba9f3d67555b3b8ca8d8b06b9d6b98c5c45c7217b1e3
9bd1a0c0564ae97f2b7c62d392fe749fe2459e1b0f16e2aa0625547b411d1a7a
af428d745dcd02eddb036ee2dbba01665b5331493ba16344f5fa1b0bb1aaa616
e894ace959ac95fda393105d2905b0668ad93781c04be83f9f41fdf38edc1cbc
f8bcbdcee35ecafe53c58b8a35bf93db799e7a42136ecb7332d636745744c400
+ 52 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201109-mq6wbxxtls/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
159.65.140.182:443
164.132.142.20:3074
195.159.28.229:981
178.62.23.64:4664
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10417/

Comments