MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430
SHA3-384 hash: 8c7cd955a8586954869a6aad4f92c36dfd270085fa1e59156ce762040604049e0ee09e0ccd4c64ee018061df1da189ed
SHA1 hash: 3394ed014d307d5e8258bcac2dc7136900f42b66
MD5 hash: be5c2a86e8203b713825079b800b6d7c
humanhash: oxygen-princess-april-crazy
File name:be5c2a86e8203b713825079b800b6d7c
Download: download sample
Signature Dridex
Create hunting rule
File size:487'424 bytes
First seen:2021-12-06 14:12:26 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5293be9dcc3fe4423188dd90c7dd2d89 (8 x Dridex)
ssdeep 12288:+QG80io88EmEkECG2EGoyEW+DBY49h4oJIH7l0:TG80io88EmEkECG2EGoyEW++HKyl0
Threatray 5'553 similar samples on MalwareBazaar
TLSH T140A49F6CFCEAB436C411C7F0987793990D352619E3FFE6E0362B9087A7566600A4589F
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DridexV4
Create hunting rule
Link:
https://www.capesandbox.com/analysis/211812/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.16014.32207.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61ae1a71fa72c81b5b0e7c1b/reports/3c2781fb-bb27-43d3-b64d-f768e434ca0d/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/87569b77-5001-43df-829e-ad8f15dfcf0a
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/902328
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 534809 Sample: sB4CUtNggS Startdate: 06/12/2021 Architecture: WINDOWS Score: 72 23 Found malware configuration 2->23 25 Multi AV Scanner detection for submitted file 2->25 27 Yara detected Dridex unpacked file 2->27 29 2 other signatures 2->29 8 loaddll32.exe 13 2->8         started        process3 dnsIp4 17 23.246.204.126, 443, 49758, 49766 SOFTLAYERUS United States 8->17 19 172.105.78.60, 4664, 49765, 49770 LINODE-APLinodeLLCUS United States 8->19 21 3 other IPs or domains 8->21 11 cmd.exe 1 8->11         started        process5 process6 13 rundll32.exe 11->13         started        process7 15 WerFault.exe 23 9 13->15         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-12-06 14:13:10 UTC
File Type:
PE (Dll)
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
doppeldridex
Create hunting rule
dridex
Create hunting rule
Similar samples:
537866a96449444a54002776f34eecf053c23122a554a79f4743df0749aa8005
Dridex
6d22c025dfc9ae47f722194f0c139b393e538c9ed467557476be20f19d7e7089
Dridex
6e2c1bfe691c3b9ae8d63f04fb1c129c7935c8a02ea04a45511f582d4155a2ba
Dridex
770cb2aa5ea76f90e27bc72110b531fa3985ab4352d25362926971285408f148
Dridex
b7c8fa282d0db4cb510325a4183dae5fd229b2e4f47b827a2d3cddd8889feb41
Dridex
dc764bcf7c82b8e21be4e6ab57217dea8edce6259c724f5605546e50549a2b99
Dridex
fc3f0a97098ad596b964f2092f5bb60c075a9afc6d1b940ec968005314d94de4
Dridex
+ 5'543 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10444 botnet loader
Link:
https://tria.ge/reports/211206-rjed2aebhk/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Dridex Loader
Dridex
Malware Config
C2 Extraction:
23.246.204.126:443
151.106.39.36:8116
103.124.144.123:6891
172.105.78.60:4664
Unpacked files
SH256 hash:
15d4e8533f21841e3457a0440a3b3d2f72d9bbc90861a32f11a6999fa59b4341
MD5 hash:
8c6f23f1f9b1b629dcbf7c28cc6b21fa
SHA1 hash:
666f8046417157cd8ba12554fc3dadd7ef00a6a9
Detections:
win_doppeldridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/82d7a69f-8199-4c93-acd4-2ac61e69be24/
SH256 hash:
fc3f52615d4996f9f78bea42800af68ec41a573ba9fedc2eb0aaa3ff91a68a8f
MD5 hash:
53a27f753dbcbacc2e66c77801169885
SHA1 hash:
31b7502f769c6becafe5f71c986bef3e7dc0fcf5
Detections:
win_dridex_auto
Create hunting rule
Link:
https://www.unpac.me/results/82d7a69f-8199-4c93-acd4-2ac61e69be24/
Parent samples :
e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430
6e2c1bfe691c3b9ae8d63f04fb1c129c7935c8a02ea04a45511f582d4155a2ba
fc3f0a97098ad596b964f2092f5bb60c075a9afc6d1b940ec968005314d94de4
82b59ec5899809d0e8bab3cbf8775d994af9cfb9213d1b3650032d263ebcba05
d301deccc78473443431e5dbfd9bf820d0659a5b747adf64ee2d178084cfabf8
b9fc703bbe7b6eb297d7c4506e09105bd652a256f7f0a9bcc379f83c96ced325
3fd7dc1106c94fad9f86c8e3eb4eb838960bfa555de90ee6571f067619f4aa10
538f434173ee3ece95dfb02d2205cbee684ed08180aa716044a26e7b0152806d
SH256 hash:
e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430
MD5 hash:
be5c2a86e8203b713825079b800b6d7c
SHA1 hash:
3394ed014d307d5e8258bcac2dc7136900f42b66
Link:
https://www.unpac.me/results/82d7a69f-8199-4c93-acd4-2ac61e69be24/
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/e023351c103b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll e023351c103b63084b21d7d0051001caab0643fc7b39f2a5b168c5e923af6430

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1859139/
  
URLhaus
https://urlhaus.abuse.ch/url/1859141/
  
URLhaus
https://urlhaus.abuse.ch/url/1859266/
  
URLhaus
https://urlhaus.abuse.ch/url/1859151/
  
URLhaus
https://urlhaus.abuse.ch/url/1859248/
  
URLhaus
https://urlhaus.abuse.ch/url/1859224/
  
URLhaus
https://urlhaus.abuse.ch/url/1859302/
Cape
Cape
https://www.capesandbox.com/analysis/211812/
  
URLhaus
https://urlhaus.abuse.ch/url/1859293/
  
URLhaus
https://urlhaus.abuse.ch/url/1859273/
  
URLhaus
https://urlhaus.abuse.ch/url/1859129/
  
URLhaus
https://urlhaus.abuse.ch/url/1859286/
  
URLhaus
https://urlhaus.abuse.ch/url/1859298/

Comments


Avatar
zbet commented on 2021-12-06 14:12:27 UTC

url : hxxps://smpn1tolitoli.sch.id/e8ob2e.rar