MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b
SHA3-384 hash: 05fdfd980a881bfa431ca5c866d663bb859c4a12e3b7a11d76b0bb35460652fa786679a0ee119bfe9da38436e719d4c6
SHA1 hash: f968d84ce60f50168cbc63e0cbaa3fbcc00995e0
MD5 hash: 1580e540ad5fbaca156c0f63129c22fc
humanhash: coffee-comet-eleven-echo
File name: 263673.xls
Signature: Dridex
File size: 91'648 bytes
First seen: 2020-06-29 19:27:09 UTC
Last seen: Never
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 1536:Bx90Fwm4IrHPvQF5n1XFWTnp+8fbhxuEApOgRh8amq0xVJ:790HrHPY3n1Xcrphf9xLeOgRrmNVJ
TLSH: 8E930132FB345112FBB6EE3CC2375C26EF551F91925769A39B613710283BD8127226CA
Reporter: @abuse_ch
Tags: Dridex, xls


Twitter
@abuse_ch
Malspam distributing unidentified malware:

HELO: replysstrangesecurebest.us
Sending IP: 194.150.215.7
From: Annemarie Emily <merchandise@replysstrangesecurebest.us>
Reply-To: bre@thegroomingnetwork.com
Subject: You have a package coming.
Attachment: 263673.xls

Unknown payload URL:
http://grryse.com/ximility.exe

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 42
Origin country: FR

ClamAV: No detection

CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b/

ReversingLabs
Status: Malicious
Threat name: Document-Word.Trojan.Encdoc
First seen: 2020-06-29 19:29:03 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5

Spamhaus Hash Blocklist: Suspicious file

Hatching Triage
Score: 6/10
Malware Family: n/a
Link: https://tria.ge/reports/200629-b9r3caphe6/
Tags: n/a

VirusTotal: VirusTotal results 6.67%

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Excel file xls 3a12068f2e8db89de560110edc5c93a29f92fd01cc51a5f4bfb14c12a862e84b

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments