MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157
SHA3-384 hash: 32a988cc32bc2dcc749596e4bec1c1e380ed5025942c5bda19b341a37ab58cba079649d51990224885dea688b8a76dff
SHA1 hash: a006f6707ac1208d3d93e12e866dadabc6e2ef92
MD5 hash: a289f26f09690ec48b1970204f8757c8
humanhash: bacon-washington-red-wisconsin
File name:a289f26f09690ec48b1970204f8757c8
Download: download sample
Signature Dridex
Create hunting rule
File size:634'880 bytes
First seen:2021-10-13 16:07:29 UTC
Last seen:2021-10-13 17:08:29 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 77aefec4cdbad9a00d9143503be0ce97 (4 x Dridex)
ssdeep 12288:GE6rSiy4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1pO/zFZx:8eoz3j0dMZnCutz4zI5xDwXUXm
TLSH T1FFD4F7013A04E821E7E55575DE2AC6E85B183D49EFB1A4CB78E17F0F2ABA9F3D215301
Reporter zbetcheckin
Tags:32 dll Dridex exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/197289/
Detection(s):
SecuriteInfo.com.ML.PE-A.7787.11721.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware
Link:
https://www.filescan.io/uploads/61670465fd35fe780c3d9cdc/reports/203b1f47-7684-46fe-9e14-88dc23989d1f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/593f068b-fcc7-493e-805d-34d2cb78fb8f
Result
Threat name:
Dridex
Create hunting rule
Detection:
malicious
Classification:
bank.troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/869808
Signature
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Detected Dridex e-Banking trojan
Found malware configuration
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Dridex unpacked file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 502237 Sample: h9WnY2tOg7 Startdate: 13/10/2021 Architecture: WINDOWS Score: 88 25 clientconfig.passport.net 2->25 35 Found malware configuration 2->35 37 Multi AV Scanner detection for submitted file 2->37 39 Yara detected Dridex unpacked file 2->39 41 2 other signatures 2->41 8 loaddll32.exe 13 2->8         started        signatures3 process4 dnsIp5 33 192.168.2.1 unknown unknown 8->33 45 Detected Dridex e-Banking trojan 8->45 12 cmd.exe 1 8->12         started        14 rundll32.exe 8->14         started        17 rundll32.exe 8->17         started        19 rundll32.exe 8->19         started        signatures6 process7 signatures8 21 rundll32.exe 12 12->21         started        47 Detected Dridex e-Banking trojan 14->47 process9 dnsIp10 27 174.128.245.202, 443, 49710, 49714 ST-BGPUS United States 21->27 29 51.83.3.52, 13786, 49718, 49720 OVHFR France 21->29 31 69.64.50.41, 49726, 49729, 49736 AS-30083-GO-DADDY-COM-LLCUS United States 21->31 43 System process connects to network (likely due to code injection or exploit) 21->43 signatures11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157/
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2021-10-13 16:13:33 UTC
AV detection:
4 of 36 (11.11%)
Threat level:
  5/5
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet:10222 botnet discovery evasion trojan
Link:
https://tria.ge/reports/211013-tk8elsedfl/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blocklisted process makes network request
Dridex
Malware Config
C2 Extraction:
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Unpacked files
SH256 hash:
2185bcf3d368837577f5970e63b24ee105793e33738f68b2e568e04375556899
MD5 hash:
776a77a5f941bda451ccfa5d86d89f0e
SHA1 hash:
5037966e7a90240816aec30f02f99c792420387b
Link:
https://www.unpac.me/results/5cbe168c-fdc1-46a5-9c94-7ef6913d2d2f/
SH256 hash:
e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157
MD5 hash:
a289f26f09690ec48b1970204f8757c8
SHA1 hash:
a006f6707ac1208d3d93e12e866dadabc6e2ef92
Link:
https://www.unpac.me/results/5cbe168c-fdc1-46a5-9c94-7ef6913d2d2f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

DLL dll e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1674024/
  
URLhaus
https://urlhaus.abuse.ch/url/1673967/
  
URLhaus
https://urlhaus.abuse.ch/url/1674004/
  
URLhaus
https://urlhaus.abuse.ch/url/1674082/
Cape
Cape
https://www.capesandbox.com/analysis/197289/
  
URLhaus
https://urlhaus.abuse.ch/url/1674106/
  
URLhaus
https://urlhaus.abuse.ch/url/1674108/
  
URLhaus
https://urlhaus.abuse.ch/url/1674037/
  
URLhaus
https://urlhaus.abuse.ch/url/1674097/
  
URLhaus
https://urlhaus.abuse.ch/url/1674123/
  
URLhaus
https://urlhaus.abuse.ch/url/1674086/
  
URLhaus
https://urlhaus.abuse.ch/url/1674095/

Comments


Avatar
zbet commented on 2021-10-13 16:07:31 UTC

url : hxxps://carabaillo.ottimosoft1.com/c78zdj.jpg