MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex
Vendor detections: 7

SHA256 hash: f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad
SHA3-384 hash: 39fd2c3c2713bba2d538866a6a181964f2982c27d46a4c464685f265b9074dee3190e678200afeb3fc25b136d5d7956b
SHA1 hash: cfbfd595ad958311a05de74a0aa5193d5f9f412a
MD5 hash: fb4d330648556b4e4b6ae9daf2b7506e
humanhash: hawaii-fish-beer-bakerloo
File name: l1vjebjqrar
Signature: Dridex
File size: 597,504 bytes
First seen: 2020-09-29 13:12:22 UTC
Last seen: 2020-09-29 14:16:18 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: ab93342d00ce4c8faa5550ae31e1e6e9 (1 x Dridex)
ssdeep: 12288:ar2Dwth2wFbErmalz4V2DqnJAfdre2AhPByUl1rNbgFQbmMZkINi:e2DwthZWlAJAfdrqPBrJgFikd
Threatray: 1 similar sample on MalwareBazaar
TLSH: 6ED4BF547E82C039F1AB27BE4D29C2B89629BE84873594DF22C65BCF52372D59C70313
Reporter: JAMESWT_WT
Tags: Dridex

Intelligence

File Origin
# of uploads: 3
# of downloads: 177
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Sending a UDP request

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 2 / 100
Behaviour:
Behavior Graph: n/a

Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-09-29 13:14:06 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: botnet loader evasion trojan discovery family:dridex
Behaviour:
  Suspicious use of WriteProcessMemory
  Checks installed software on the system
  Checks whether UAC is enabled
  Blacklisted process makes network request
  Dridex Loader
  Dridex
Malware Config
C2 Extraction:
  67.79.105.174:3786
  51.83.96.87:443
  192.175.111.212:14043
  45.79.226.106:3098
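The four C2 endpoints extracted from this sample's configuration can be used directly as a network detection. What follows is an added example, not MalwareBazaar's or the reporter's code: it parses the ip:port pairs listed above and matches them against Zeek conn.log records. The conn.log lines are constructed for illustration (their timestamps are simply set near this entry's first-seen time), and the split between exact matches and IP-only matches is the caveat a practitioner needs here: 51.83.96.87:443 must not fire on every HTTPS flow, and a listed IP seen on an unlisted port is at most a weak lead.

```python
"""Match the C2 endpoints from this MalwareBazaar entry against Zeek
conn.log records.  Added example, not MalwareBazaar's own tooling; the
conn.log lines below are constructed for illustration."""
import ipaddress
from typing import NamedTuple

# "Malware Config > C2 Extraction" for sample
# f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad
DRIDEX_C2 = [
    "67.79.105.174:3786",
    "51.83.96.87:443",
    "192.175.111.212:14043",
    "45.79.226.106:3098",
]


class Endpoint(NamedTuple):
    ip: ipaddress.IPv4Address
    port: int


def parse_c2(entries):
    """Turn 'ip:port' strings into Endpoint tuples; reject malformed entries
    so a typo in an IOC list cannot silently turn into a non-match."""
    out = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad C2 entry: {entry!r}")
        out.add(Endpoint(ipaddress.IPv4Address(host), int(port)))
    return out


# Constructed Zeek conn.log records (tab-separated), reduced to the fields:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = (
    "1601385142.100000\tCabc1\t10.0.0.15\t49211\t51.83.96.87\t443\ttcp\n"
    "1601385142.400000\tCabc2\t10.0.0.15\t49212\t142.250.74.78\t443\ttcp\n"
    "1601385143.000000\tCabc3\t10.0.0.22\t51003\t67.79.105.174\t3786\ttcp\n"
    "1601385143.200000\tCabc4\t10.0.0.22\t51004\t45.79.226.106\t80\ttcp\n"
)


def find_c2_connections(conn_log, c2):
    """Return (exact, ip_only).  exact: records whose responder ip:port is a
    listed C2 endpoint.  ip_only: records to a listed IP on some other port,
    kept apart because a port match alone (443!) or an IP match alone is a
    far weaker signal than the pair."""
    exact, ip_only = [], []
    c2_ips = {e.ip for e in c2}
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):   # skip Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, orig_h, resp_h, resp_p = fields[1], fields[2], fields[4], fields[5]
        try:
            resp_ip = ipaddress.IPv4Address(resp_h)
            resp_port = int(resp_p)
        except (ipaddress.AddressValueError, ValueError):
            continue
        hit = (uid, orig_h, resp_h, resp_port)
        if Endpoint(resp_ip, resp_port) in c2:
            exact.append(hit)
        elif resp_ip in c2_ips:
            ip_only.append(hit)
    return exact, ip_only


if __name__ == "__main__":
    exact, ip_only = find_c2_connections(CONN_LOG, parse_c2(DRIDEX_C2))
    for uid, src, dst, port in exact:
        print(f"C2 MATCH   {uid}: {src} -> {dst}:{port}")
    for uid, src, dst, port in ip_only:
        print(f"C2 IP ONLY {uid}: {src} -> {dst}:{port}")
```

Run against the constructed log, Cabc1 and Cabc3 are exact C2 matches and Cabc4 is reported as IP-only. These endpoints were extracted when the sample was first seen on 2020-09-29; Dridex infrastructure rotates, so treat a hit on an old list as a lead to confirm against the sample's own config rather than a verdict on its own.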
Unpacked files

SHA256 hash: f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad
MD5 hash: fb4d330648556b4e4b6ae9daf2b7506e
SHA1 hash: cfbfd595ad958311a05de74a0aa5193d5f9f412a

SHA256 hash: 79476c1e4a0fd9d9969d1fb1b4068ad917a5a04fd392b588ecebf72b505cd769
MD5 hash: e7fd6f83a137cb670589b699df884492
SHA1 hash: a6d3172fdf01308142469227b0be63a35c346513

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: DLL
SHA256 hash: f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad (this sample)