MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d7fd7d58f0bbd4318dfad6767b1046a25f9fc2915ca41b4763be74da56683a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: 4d7fd7d58f0bbd4318dfad6767b1046a25f9fc2915ca41b4763be74da56683a5
SHA3-384 hash: cde341dd2ecf939839d3a8b52b5ec83e3925bbcecd23ba7ad4f1928c449437254fca6d5fdbddc9e45ed2b35155053fcb
SHA1 hash: 5a7c485316737b448ce8274e9239ee4dc767b07b
MD5 hash: 118a0f8b8692456e142d08515c539a63
humanhash: florida-quebec-cat-alanine
File name: flpaoql.exe
Signature: Dridex
File size: 200'704 bytes
First seen: 2020-07-01 13:34:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 816bcf201d3f49fd80ec7c3514518b05 (4 x Dridex)
ssdeep: 6144:KzvE37X0lCuqqmHyrYr7NiU3UXHaBCFug:Ko3z+FmHyr4TU3oCFN
Threatray: 95 similar samples on MalwareBazaar
TLSH: CA140242B78DE0F1D6121074F406BABDB312AEB174094F5AAF983A9DBF361108DB3606
Reporter: abuse_ch
Tags: Dridex, exe


abuse_ch
Malspam distributing Dridex:

HELO: health.24hrvetcarecenter.com
Sending IP: 45.140.18.85
From: Cammi Xylina <termination@health.24hrvetcarecenter.com>
Reply-To: leanne@irvines.ca
Subject: Past Due Invoice No. #851344
Attachment: 858920.xlsm

Dridex payload URL:
http://terracotia.xyz/flpaoql.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 124
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-07-01 12:25:16 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Executable exe 4d7fd7d58f0bbd4318dfad6767b1046a25f9fc2915ca41b4763be74da56683a5 (this sample)
