MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b
SHA3-384 hash: 05fdfd980a881bfa431ca5c866d663bb859c4a12e3b7a11d76b0bb35460652fa786679a0ee119bfe9da38436e719d4c6
SHA1 hash: f968d84ce60f50168cbc63e0cbaa3fbcc00995e0
MD5 hash: 1580e540ad5fbaca156c0f63129c22fc
humanhash: coffee-comet-eleven-echo
File name: 263673.xls
Signature: Dridex
File size: 91'648 bytes
First seen: 2020-06-29 19:27:09 UTC
Last seen: Never
File type: Excel file xls
MIME type: application/
ssdeep: 1536:Bx90Fwm4IrHPvQF5n1XFWTnp+8fbhxuEApOgRh8amq0xVJ:790HrHPY3n1Xcrphf9xLeOgRrmNVJ
TLSH: 8E930132FB345112FBB6EE3CC2375C26EF551F91925769A39B613710283BD8127226CA
Reporter: @abuse_ch
Tags: Dridex xls

Malspam distributing unidentified malware:

Sending IP:
From: Annemarie Emily <>
Subject: You have a package coming.
Attachment: 263673.xls

Unknown payload URL:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 42
Origin country: FR
ClamAV: No detection
CERT.PL MWDB Detection: n/a
ReversingLabs: Status: Malicious
Threat name: Document-Word.Trojan.Encdoc
First seen: 2020-06-29 19:29:03 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 6/10
Malware Family: n/a
VirusTotal: Virustotal results 6.67%

Yara Signatures

Rule name:SharedStrings
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Excel file xls 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b

(this sample)

Delivery method
Distributed via e-mail attachment