MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee
SHA3-384 hash: 2312fff97f3ab77d3796f434a9109dd434c18cae9eb150bd15b22ed7ab3d06c2b4a8b138d302e6d38674238aeabee078
SHA1 hash: 7f0934b06e160576403b50ba2065c13d4dd7c7f5
MD5 hash: db406b5f94c217e5a3069748ccffd1d4
humanhash: tango-pluto-maine-yellow
File name:japele.exe
Download: download sample
Signature Dridex
Create hunting rule
File size:217'088 bytes
First seen:2020-07-21 11:52:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 95f2fcab4a8a9aa5b0c0ef3814d8274f (2 x Dridex)
ssdeep 3072:XU8YEfTswedP5WooJNVLdS5VPvM0Fwy5fXo41FgeAf4fS78YsNrrvBq:XU8YEfT+dEzVLArpJ5X1FgXf4eXsNnv
Threatray 84 similar samples on MalwareBazaar
TLSH 73241292EDD1C2E4F717707110BB7D5E7392F9758A09C629CFC22ED3EAA22179106362
Reporter abuse_ch
Tags:Dridex exe


Avatar
abuse_ch
Malspam distributing Dridex:

HELO: aravali.serverforhost.com
Sending IP: 103.133.215.101
From: Colene Monah <info@gayatrienterprises.net>
Reply-To: carolyn@loncherie.com
Subject: RE: Invoice Due #157973
Attachment: 930324.xls

Dridex payload URL:
http://secretpath.xyz/japele.exe

Botnet ID: 40400
Dridex C2s:
51.38.124.206:443
207.180.230.218:3389
2.58.16.87:8443
45.177.120.36:691

Intelligence

File Origin
# of uploads :
1
# of downloads :
290
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30116/
Detection(s):
SecuriteInfo.com.Win32.Heim.D.12024.13786.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Threat name:
Dridex Dropper
Create hunting rule
Detection:
malicious
Classification:
bank.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/393072
Behaviour
Behavior Graph:
Download SVG
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 11:51:13 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jkcctyjeg77thbtn7pg4gecz42p72hq7cw7t45wusvsakbeewpxa._file
Verdict:
suspicious
Similar samples:
4bd12f48c0a5a1dd9a4c0dd17460f2941f3a1b2b11b95961b4092f07622eb5c3
Dridex
52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea
Dridex
5528a39d6f2ca52ad81f936c75e2036cb91d0e88824f7a5abd67a601314b66bb
Dridex
55897dc537d308842906dbf8bffde6eb846cdd6b5e9584d7efcbe7c342d5e699
Dridex
6a05f362aa3b7f597181f694af55d4bddff4cf3e54798dae7fe884dd1faa0494
Dridex
ba07c4c584e73c14357101fe0d9d201f69d160b4c878433a02584ee666e5d15f
Dridex
ce90df48bfadeec34a0e41e19bb140fda94c59fe3d27095b517da6bba4f9eeb3
Dridex
e9b68e43d01d092285e1d109241939a85473ec285448074d0ad0098bc1975550
Dridex
ee22d1b889f577512fc9a45da2ce24a1ddcafdf1fd412f8dd42aa3b112d1fa91
Dridex
f072b971950ba8a2e12c85501f0d63160f833df8411c5fa1cda8ac6261b27a2d
Dridex
+ 74 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200721-397qzb42bx/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Excel file xls 16b98e2156fb721a760cd3d4e5c1a8c18dee54f795c6d8624339e25c5e33c2b1

Dridex

Executable exe 4a8429e12437ff33866dfbcdc31059e69ffd1e1f15bf3e76d49564050484b3ee

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/415965/
  
Dropped by
MD5 98878d4f648ee9936b18706b74ef466d
  
Dropped by
SHA256 16b98e2156fb721a760cd3d4e5c1a8c18dee54f795c6d8624339e25c5e33c2b1
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/30116/

Comments