MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e06789e952991e6fc483ab0e6bbf08a123922ba354a75c9dc9dcc759c60c194. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 5


Intelligence 5 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e06789e952991e6fc483ab0e6bbf08a123922ba354a75c9dc9dcc759c60c194
SHA3-384 hash: 463a6e3832b2ed85889ff67826e43b845c2efa9b618041f8ba09d08405e9715cf40bae2f2714b52a433a2767cc2380f6
SHA1 hash: 8eba62859b7e62eb67fa758fac43f5c481b6be76
MD5 hash: b697665a48ca3067425ac423ff3bd532
humanhash: orange-bluebird-kentucky-fruit
File name:SecuriteInfo.com.BehavesLike.Downloader.ll.17567
Download: download sample
Signature Dridex
Create hunting rule
File size:72'704 bytes
First seen:2020-04-27 19:45:14 UTC
Last seen:2020-04-27 19:46:33 UTC
File type:Excel file xlsx
MIME type:application/vnd.ms-excel
ssdeep 1536:jowhyNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAmcMwnE4ehxm9WBKzf3wm3ak4d:jowhyNk3hbdlylKsgqopeJBWhZFGkE+H
Threatray 89 similar samples on MalwareBazaar
TLSH 456329A3B69AC90AC94507314DEBC6A67733FC652F57934F3188F32E1F766808A12716
Reporter SecuriteInfoCom
Tags:Dridex

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.Dridex.20200420.UNOFFICIAL
Create hunting rule

Xls.Malware.Agent-7700489-0
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/354106
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Document-Word.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 14:15:48 UTC
File Type:
Document
Extracted files:
32
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rydhrhuvfgi6n7cihkyono7qrijdsiv2gvfhlso4txghlhdaygka._file
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
1dc170fb1ca9e7a48b7b866d7ef0af55d84a7ff819864a5f83ddf9ddf08ffe7e
Dridex
1f37c2f248055cb841d03dfdf70260f3b16723476c4dde4c73e3fcca8e33f9c3
Dridex
3e45e4e497c317498972fa7789dc00c83b963f8993cd4af4c316291f8745f2c9
Dridex
506569bf0305f717b4735b36424acfff542841d31e3d229afd14a40816eea947
Dridex
5ade0c4492ffe4b77776543635a5cad0eef6d4a207f69dac0a59f9ad76aa42ba
Dridex
72baaecfb7c235e5ecd08aa1d8d8e210edc452f230ece050e1e02badbafadf67
Dridex
75d79cd50c0f3def32be69db58e716d7094006636c8ff9479254ff34224d327e
Dridex
8168819cb693a3a04f771ee119ca00e631a74f09419ad295c5088f1e7a430e98
Dridex
9e97fefe6532aa26f3e02b14d750be78b7c0774f91f7ccd1518906e7ab34b68f
Dridex
f32072d7d581e1a8d04c47b21dafadd58e3dccc3aa0188d7f95f6867944475e0
Dridex
+ 79 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_Dridex_xls_20200522
Create hunting rule
Author:abuse.ch
Rule name:SharedStrings
Create hunting rule
Author:Katie Kleemola
Description:Internal names found in LURK0/CCTV0 samples
Rule name:win_alina_pos_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_gootkit_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments