MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 110fe6f199298f89f704050eb4dc0d2b19b0985a74ead588441fabac693ab3f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 5


SHA256 hash: 110fe6f199298f89f704050eb4dc0d2b19b0985a74ead588441fabac693ab3f5
SHA3-384 hash: c3bc26a8bd75cdf6dd218bfa1dce63b8685d4c2cdc5a3f346ed5cbdc9832fcc79c500c4817758df0db83023e5db5ff17
SHA1 hash: 0549605be574665600cbbcd6cb7799eb21e08bd8
MD5 hash: a3b9337cbcf2f32c9d3d507efcb729b7
humanhash: salami-queen-oscar-floor
File name: glex.exe
Signature: Dridex
File size: 245'760 bytes
First seen: 2020-05-05 15:53:43 UTC
Last seen: 2020-05-05 16:46:12 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3ff9d103d412b4aa1c3f46cf5b5df36b (2 x Dridex)
ssdeep: 6144:dYd03W0iVRyzzn5rCr4R3zcWFycIrrwvfEXoS:C0GpefnxR3z7MrrwvfEY
Threatray: 97 similar samples on MalwareBazaar
TLSH: FD34BDA067F99659F5F36F756DBA12855F76BCA2AC39C20C5340200E0DB6F849DA0B33
Reporter: abuse_ch
Tags: Dridex GMX

abuse_ch
Dridex payload URL:
http://ginduq.com/glex.exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 145
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Dridex
Status: Malicious
First seen: 2020-05-05 16:48:09 UTC
File Type: PE (Exe)
AV detection: 37 of 48 (77.08%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader evasion trojan
Behaviour
Checks whether UAC is enabled
Dridex Loader
Dridex
Malware Config
C2 Extraction:
111.67.68.5:443
178.254.40.33:3389
172.86.183.147:691
107.161.25.120:8443
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: win_dridex_g2
Author: Daniel Plohmann <daniel.plohmann<at>fkie.fraunhofer.de>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Executable exe 110fe6f199298f89f704050eb4dc0d2b19b0985a74ead588441fabac693ab3f5

(this sample)

Delivery method: Distributed via e-mail link

Comments