MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff4227323497b89397e3a641de847a9acb4dcce6c7bf0553d6ea2e7e9af51516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff4227323497b89397e3a641de847a9acb4dcce6c7bf0553d6ea2e7e9af51516
SHA3-384 hash: a226683106df83a6789509a0aa10c7649ec1691f978f394333d75452fcf8c29c4e91e8ac9c7f6b22076186cb1120f1de
SHA1 hash: a7c9b2775d3ce4dc1c9733f5152c90ed2bedbd33
MD5 hash: 54de0c957f9e93b6f7fbf9d30ccdc1ea
humanhash: cardinal-cold-mango-ack
File name:8258ab9ffa8af5af41670bc9ad1459f9
Download: download sample
Signature Dridex
Create hunting rule
File size:561'152 bytes
First seen:2020-11-17 11:56:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 09b6365298d4ee4609aeb81bb15442cb (1 x Dridex)
ssdeep 12288:XQlrt75Vc26RxOnJAfWkwjoV2kDXF3e9X:XQlrdrUx1yoV2kx3c
Threatray 2 similar samples on MalwareBazaar
TLSH 2AC4F154F75B1ED7C1EFC6349D0926B5AF51B50BA2B243141A86B30F2DE82C78ED8B60
Reporter seifreed
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Changing a file
Replacing files
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Launching a process
Creating a file in the system32 subdirectories
Moving a file to the system32 subdirectory
Setting browser functions hooks
Forced shutdown of a system process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with the shell\open\command registry branches
Unauthorized injection to a system process
Enabling autorun by creating a file
Unauthorized injection to a browser process
Forced shutdown of a browser
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff4227323497b89397e3a641de847a9acb4dcce6c7bf0553d6ea2e7e9af51516/
Threat name:
Win64.Trojan.Drixed
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:00:30 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
Similar samples:
4646aea4e66e01fc0f7b672c93884abdd152491328c2f7a0e4877a6f9046dd3e
Dridex
e5df93c0fedca105218296cbfc083bdc535ca99862f10d21a179213203d6794f
Dridex
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet loader persistence
Link:
https://tria.ge/reports/201117-a98v4dgh46/
Behaviour
Creates scheduled task(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Drops file in System32 directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Dridex Loader
Dridex
Unpacked files
SH256 hash:
ff4227323497b89397e3a641de847a9acb4dcce6c7bf0553d6ea2e7e9af51516
MD5 hash:
54de0c957f9e93b6f7fbf9d30ccdc1ea
SHA1 hash:
a7c9b2775d3ce4dc1c9733f5152c90ed2bedbd33
Link:
https://www.unpac.me/results/8f1424a4-b07d-428c-be09-4aa88e610315/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments