MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1
SHA3-384 hash: 2a92929e60204189e02367135d054b0596c39af8fc314146436b09aeb3cac3d8a26cb4d3c61c43e78920dea46d830649
SHA1 hash: 50c773785cb17532f3d4d04d6b0efc43fc22c3ee
MD5 hash: 8e821425efac1d3f2f905f4bfa76424f
humanhash: two-georgia-september-five
File name:mfyxb.dll
Download: download sample
Signature Dridex
Create hunting rule
File size:241'664 bytes
First seen:2021-01-13 19:08:54 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash ed2860c18f5483e3b5388bad75169dc1 (33 x Dridex)
ssdeep 6144:Q1G3WVIOY6Bdjehj+qudd96ou/6mv5wdC:Q1GmSafShjYdd96z/6cwdC
Threatray 124 similar samples on MalwareBazaar
TLSH 4234BE41B28B8B4BD163163C2576D1F8953CFC909761CE693B64B22F0F739D0892E7A5
Reporter Scoobs_McGee
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/111812/
Detection(s):
SecuriteInfo.com.Generic.mg.0d9378da545ddfff.17812.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/580504
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 339291 Sample: mfyxb.dll Startdate: 13/01/2021 Architecture: WINDOWS Score: 22 12 Machine Learning detection for sample 2->12 6 loaddll32.exe 1 2->6         started        process3 process4 8 WerFault.exe 3 9 6->8         started        10 WerFault.exe 3 9 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 19:09:04 UTC
AV detection:
23 of 46 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7x2q3oziruv5jizfpa7hfqpfywmmq7wrc4srghyu6re523gcfsyq._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
1003e3179583d7694d8bd7fbbe1fae629ac71cbef35a260a2288f600876b6bdc
Dridex
1c0a62a8d16705a2e1a38e0a4b310dbf40ce71e1a2a4c554e35a15ebfc28cb0f
Dridex
27379612c139d3c4a0c6614ea51d49f2495213c867574354d7851a86fdec2428
Dridex
790b0d9e2b17f637c3e03e410aa22d16eccfefd28d74b226a293c9696edb60ad
Dridex
95207a682e024efd1ea2364fd3c19484d70600ee931fb7c1a88d210cebbe8cc6
Dridex
9b747e89874c0b080cf78ed61a1ccbd9c86045dc61b433116461e3e81eee1348
Dridex
b39e91e4dbc6abd06aaee6598c67c912933d125f291728a65e459209594cad35
Dridex
c475b446e6d620ade6d55ef6eb7f75d29e2be8db678ca4df0254f355ec3b7e74
Dridex
f1f67040aaaaabf6754310829696ba9fd783991ab89e476dfa8c8e698841ce34
Dridex
fee5bb973112d58445d9e267e0ceea137d9cc1fb8a7140cf9a67472c9499a30f
Dridex
+ 114 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader
Link:
https://tria.ge/reports/210113-evpl6va5me/
Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex
Malware Config
C2 Extraction:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Unpacked files
SH256 hash:
c7cea01076e24dc1366b6d5521667748a7ffcac69a73a3626113b4b3ff6eaa98
MD5 hash:
d0c03d2d39e906ece3bbc8dd5eb0e992
SHA1 hash:
2a8b1e4064f64b88c4f8e3e1c3e537e23ad0ddf5
Link:
https://www.unpac.me/results/8377ce21-9128-4d9e-94ad-3002b6b8bd5a/
SH256 hash:
0aefb9785b6ca7cbd898bcc2e8a01ce763721bd69b38c0c4d89d296b24e51772
MD5 hash:
c802849147f120a4a16417e0b3249563
SHA1 hash:
f8743c5f5af22dda39c5db3aaa9a2c1fdefada18
Link:
https://www.unpac.me/results/8377ce21-9128-4d9e-94ad-3002b6b8bd5a/
SH256 hash:
fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1
MD5 hash:
8e821425efac1d3f2f905f4bfa76424f
SHA1 hash:
50c773785cb17532f3d4d04d6b0efc43fc22c3ee
Link:
https://www.unpac.me/results/8377ce21-9128-4d9e-94ad-3002b6b8bd5a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fdf50dbb288d2bd4a325783e72c1e5c598c87ed11725131f14f449dd6cc22cb1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DridexV4
Create hunting rule
Author:kevoreilly
Description:Dridex v4 Payload
Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:win_dridex_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/111812/

Comments