MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f513355f3b913c24be0ba4e03d4f855b953bb8a616368c5a217d33988742f871. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 9


SHA256 hash: f513355f3b913c24be0ba4e03d4f855b953bb8a616368c5a217d33988742f871
SHA3-384 hash: 1bdd4fa4e06b4caca9ceaf2c8027bb73e7ee764246769cfa438ae34a6b29b0c64e8c95a08826d5c02e7db92aa4f3001b
SHA1 hash: 94e291b03768f7f6695408369de831fa8c5f53a6
MD5 hash: e627be41e421b18c8f7b0d24c1e515a2
humanhash: emma-high-fish-robin
File name: e627be41e421b18c8f7b0d24c1e515a2.dll
Signature: Dridex
File size: 331'776 bytes
First seen: 2020-09-10 08:43:17 UTC
Last seen: 2020-09-10 10:36:27 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 80720882903e52c683c983218e5c7ec4 (2 x Dridex)
ssdeep: 6144:emEd6CUcxqWBiW+0tF7Il1sztcvwIH+Dinifl4lX8ljMl93ha:Ed6QxqWBi50tF7Il1szmvwLhcX4jI98
Threatray: 54 similar samples on MalwareBazaar
TLSH: 3964D04A77A851A4E3B31A75D432602F8E3876E07C74FB4E16A81CCCD7A3D39C961396
Reporter: abuse_ch
Tags: dll Dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 197
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph ID: 283876; Sample: 5tg4eOIl4T.dll; Startdate: 10/09/2020; Architecture: WINDOWS; Score: 52
Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Processes: loaddll32.exe (started) -> WerFault.exe (started)

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-09-09 03:58:07 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader family:dridex
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
67.213.75.205:443
217.160.78.166:4664
185.201.9.197:9443
108.175.9.22:33443

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File: DLL dll f513355f3b913c24be0ba4e03d4f855b953bb8a616368c5a217d33988742f871 (this sample)

Comments
commented on 2020-09-10 09:20:22 UTC

Dridex C2s:
67.213.75.205:443
217.160.78.166:4664
185.201.9.197:9443
108.175.9.22:33443