MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4
SHA3-384 hash: ef539521be45a80adce9b4bf796363f75c50be0c662fad11905d56dd3428b824c484b4ed247a942c4ca177e8688ec0e1
SHA1 hash: 3bbcc1658c20cd785cdcd4c82111941f938ecba7
MD5 hash: 8092baee3c9f70fad5f98c33212d660f
humanhash: wyoming-delaware-mobile-artist
File name:mncejd.exe
Download: download sample
Signature Dridex
Create hunting rule
File size:196'608 bytes
First seen:2020-07-08 13:53:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7bef67479607a06a205cb5032f04f908 (3 x Dridex)
ssdeep 3072:9hrdAiAC7M+cmDxVjHMNPDA44aoHwIW0JSqN56RmPYQirT4jgd5wtJEO/2afKaE4:9hrCi/bVV7QPDA4xoHwI3JSqSRmPliXr
Threatray 636 similar samples on MalwareBazaar
TLSH 81141259B37CA4B6DACA387216548B3A40507D63893786677AC43E2C7F7D685F032326
Reporter JAMESWT_WT
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Generic.mg.7b5ef9ae32ebf6d6.28718.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 13:55:05 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
emotet
Create hunting rule
Similar samples:
1ae52558dadc5c5b388c0a64b6e54ead3280540b5a1db2d90f20d960257004dd
Dridex
39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9
Dridex
3b15d18c463f3a0a6c2b2915d129924dd0791bc5252cfee280b9a6e296229403
Dridex
4fa82bcc428147d23e5abc86fb9bfdc61829d91094659e74250ac43ab9a73ab4
Dridex
69ee26ba2019f4cc30752f00a815a726795c8e898edffe739daa6e84e6c41ac2
Dridex
7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2
Dridex
93c97bf3711640d5bd8ff0c2033492b2cea7b81ef2ea0e6f6b2327913e9be9d7
Dridex
9c749e76dc4c135b3e3f87eac42b6aae70a8efec197f9d311917a665697c1bbd
Dridex
a109cfcf3760c09007ecefe53b1b2d63bbb256138238c2b0b0ea436b08e5acbe
Dridex
f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939
Dridex
+ 626 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200708-vp1jyp7v4a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

Executable exe 9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/408938/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/408940/
Cape
Cape
https://www.capesandbox.com/analysis/23136/

Comments