MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73849ce478a894f10589cc31aece7dcb8a39c1c43a4a5c401b2dae86b53bb9c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: 73849ce478a894f10589cc31aece7dcb8a39c1c43a4a5c401b2dae86b53bb9c7
SHA3-384 hash: 7ebecf81a5105dc56e10b5d82610f555c982f48779eb1724ff5771ccc22bc119abd5c9a4bfba9a83d5122caeb36bdd1f
SHA1 hash: 6a3b49122c5c1f3467b1b7005c3500d12e642a7c
MD5 hash: 511caf41153634fb5b39f436bd45c885
humanhash: edward-oregon-ten-video
File name: lvkahex.exe
Signature: Dridex
File size: 217'088 bytes
First seen: 2020-07-13 13:06:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1656aa7aa811a8db1ecbc8983c084712 (3 x Dridex)
ssdeep: 3072:/3qD1yYw4tJhs6NDH4I4gRtthy4qrQwIP+U/SA/7Vhk9w+dpXXl4e:yZFwgsGDYgfthVllXSA/8pl4
Threatray: 415 similar samples on MalwareBazaar
TLSH: 97240276A2DD26A1E51AFE33B65B701F3A5056738323F4762A20D9B39D9D1850C3332B
Reporter: abuse_ch
Tags: Dridex exe


abuse_ch
Malspam distributing Dridex:

HELO: ou.sloweconomyconsultant.com
Sending IP: 45.135.132.71
From: Brynn Rosalinde <info@ou.sloweconomyconsultant.com>
Reply-To: info@boutiquedulivre.ca
Subject: RE: Invoice Due #2024795
Attachment: 0406464.xls

Dridex payload URL:
http://yumicha.xyz/lvkahex.exe

Botnet ID:
40400

Dridex C2s:
213.136.94.177:443
217.20.166.178:4664
37.205.9.252:8443
70.39.251.94:3889

Intelligence


File Origin
# of uploads: 1
# of downloads: 261
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-13 13:08:05 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Dridex

Executable exe 73849ce478a894f10589cc31aece7dcb8a39c1c43a4a5c401b2dae86b53bb9c7 (this sample)
