MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b4e56b4e7f014e7b4febd123e4876b2af4c23a74c17b7986969f07798a089cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 4

SHA256 hash: 5b4e56b4e7f014e7b4febd123e4876b2af4c23a74c17b7986969f07798a089cb
SHA3-384 hash: 5cae6ac33aa1dfca60a349dd6e596bf442889c11452c6d90a63b6bf8b1d2de04c295dab63e56a7668ce589eae36e76b6
SHA1 hash: 3e8a9c4bad3fca630b220e6f7b5f017edaba1bc9
MD5 hash: 3760e6d34e747479189f4ac2584d5688
humanhash: beer-grey-beer-yellow
File name: 3760e6d34e747479189f4ac2584d5688.exe
Signature: Dridex
File size: 217'088 bytes
First seen: 2020-05-06 18:49:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea0dfd7d7d868b00c22349782ea4b1a2 (3 x Dridex)
ssdeep: 6144:bLMD6U18+P94did4uwrh6vwhCxgOvYNwuYmbDx:sDI+P9wid6QwCZvYNRYmR
Threatray: 96 similar samples on MalwareBazaar
TLSH: 1E241284A3FA52D8D91B4431B20EF436D272512C0D9A8BA7CD2CF4DED5D5183ACB25A9
Reporter: abuse_ch
Tags: Dridex exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 117
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-05-06 19:37:17 UTC
File Type: PE (Exe)
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader evasion trojan

Behaviour
Checks whether UAC is enabled
Dridex Loader
Dridex

Malware Config
C2 Extraction:
38.88.126.131:443
145.239.169.32:8443
163.172.7.152:443
45.79.135.98:691
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Dridex
File type: Executable exe
SHA256 hash: 5b4e56b4e7f014e7b4febd123e4876b2af4c23a74c17b7986969f07798a089cb (this sample)

Delivery method
Distributed via web download

Comments