MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecced63b75f7967f2ec05955217d6e30bb45cb0dc7d620213defacf33174e953. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 7

SHA256 hash: ecced63b75f7967f2ec05955217d6e30bb45cb0dc7d620213defacf33174e953
SHA3-384 hash: 1ac0d5b90bc0c82f924a1d9e563c2dceacc74c26cdd33ac969e0d7ce3bed2d2b3d76b4df137f0f1fba0aac499ec3770f
SHA1 hash: b716816b476e7a0ca2ecc651315d0953a6922d9f
MD5 hash: 77a91cf106e36e8d5a226e719b97776e
humanhash: one-timing-cola-king
File name: Bill.10099_2.xll
Signature: Dridex
File size: 662'528 bytes
First seen: 2021-11-10 10:20:43 UTC
Last seen: 2021-11-10 11:16:33 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 8c8bba54a9dc287053536e212411cdac (12 x Dridex)
ssdeep: 12288:qHB8k2IlwP0iruRPlOF8bzbBSreqNlKVWf9Zam:w8mO2X16sgm
Threatray: 3 similar samples on MalwareBazaar
TLSH: T146E46C56BEC6AEA2EF7F51B7C360EA391156736D03A09ACF760305993915FD2403EA03
Reporter: ankit_anubhav
Tags: dll Dridex xll

Intelligence

File Origin
# of uploads: 3
# of downloads: 109
Origin country: n/a

Vendor Threat Intelligence

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature:
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID 519094 (sample Bill.10099_2.xll, start date 10/11/2021, architecture WINDOWS, score 52). Signatures attached to the sample node: Multi AV Scanner detection for submitted file; Initial sample is a PE file and has a suspicious name. Process tree recovered from the graph: the sample was loaded by loaddll32.exe, which started iexplore.exe, cmd.exe, regsvr32.exe and 3 other processes; iexplore.exe contacted 192.168.2.1 and started a second iexplore.exe; cmd.exe started rundll32.exe. The second iexplore.exe contacted edge.gycpi.b.yahoodns.net (87.248.118.22, port 443, YAHOO-DEBDE, United Kingdom), dart.l.doubleclick.net (172.217.168.38, port 443, GOOGLEUS, United States) and 12 other IPs or domains.

Threat name: Win32.Trojan.Razy
Status: Malicious
First seen: 2021-11-08 14:51:13 UTC
AV detection: 12 of 45 (26.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files

SHA256 hash: 02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592
MD5 hash: d11efc2a4d1d18e45f583c705d2bf575
SHA1 hash: b465a3e331d9bcafe5bea3754ec481d79de7147e

SHA256 hash: 8969f89b7a221d864bd5525e463c0db868da673912b3b6c0e1d7babe0f5ec95f
MD5 hash: 414d062a882ae8252dce8ecc5f8e6fda
SHA1 hash: 7f06451ae8553f512bfadd9955a27ad4d13f0331

SHA256 hash: 2305a598c67a769a1e6b8168c1fc3f2b34df07830a3d46798d051fb55647cd61
MD5 hash: c20d8d6c45165f92cd04cb4b9a3f1b69
SHA1 hash: 7aed149218c6563d3fcac4f369ea7a12f4d4ab84

SHA256 hash: ecced63b75f7967f2ec05955217d6e30bb45cb0dc7d620213defacf33174e953
MD5 hash: 77a91cf106e36e8d5a226e719b97776e
SHA1 hash: b716816b476e7a0ca2ecc651315d0953a6922d9f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments