MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dc170fb1ca9e7a48b7b866d7ef0af55d84a7ff819864a5f83ddf9ddf08ffe7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 5



SHA256 hash: 1dc170fb1ca9e7a48b7b866d7ef0af55d84a7ff819864a5f83ddf9ddf08ffe7e
SHA3-384 hash: def103c08b9f26742227c914312e32e3adb271ee15066257b22ae95a085b3703fa488e467dc86cbec3e77d46d8660717
SHA1 hash: e87aa0a39f06bee77e3edf9e7d2eaeab8154b0d8
MD5 hash: 4b4203c8b8be26fd7d7e47d2f5ca66f0
humanhash: october-kansas-november-maryland
File name: 6719974801482.xls
Signature: Dridex
File size: 78'848 bytes
First seen: 2020-04-29 13:08:28 UTC
Last seen: 2020-04-29 13:42:54 UTC
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 1536:C9INk3hbdlylKsgqopeJBWhZFGkE+cL2NQAACA8O2F/kkj9Jn8Yw4lFyyRwm3a17:C9INk3hbdlylKsgqopeJBWhZFGkE+cLV
Threatray: 73 similar samples on MalwareBazaar
TLSH: C7732ED76F738871D645933C4CE989419712FE804AA6434B358073BA7EF1DB0BF11AA9
Reporter: cocaman
Tags: Dridex xls


cocaman
Malicious email
From: DHL - Cayla Sharpe <Cayla.Sharpe@dhl.com>
Received: from it (net-37-119-85-163.cust.vodafonedsl.it [37.119.85.163])
Date: Wed, 29 Apr 2020 14:03:17 +0100
Subject: - invoice(s) apr 2020
Attachment: 6719974801482.xls

Intelligence


File Origin
# of uploads: 2
# of downloads: 107
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: expl
Score: 80 / 100

Behaviour
Behavior Graph: n/a

Threat name: Document-Word.Trojan.Rdn
Status: Malicious
First seen: 2020-04-29 12:44:27 UTC
File Type: Document
Extracted files: 25
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Excel file xls 1dc170fb1ca9e7a48b7b866d7ef0af55d84a7ff819864a5f83ddf9ddf08ffe7e (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Dridex

Comments