MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a109cfcf3760c09007ecefe53b1b2d63bbb256138238c2b0b0ea436b08e5acbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Dridex


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a109cfcf3760c09007ecefe53b1b2d63bbb256138238c2b0b0ea436b08e5acbe
SHA3-384 hash: 2e5422738cb07200cc8e896fc856b77ba7f05ca05e0cbb1f754fb704cbcd79db456627d1ec3439ed8c2a781e9c331041
SHA1 hash: 929fb736f23a77fe46e40674f500ba220c556bbe
MD5 hash: 27324ca8e2bece039d430d51b9f66a6f
humanhash: pip-mobile-mars-mississippi
File name:mncejd.exe
Download: download sample
Signature Dridex
Create hunting rule
File size:196'608 bytes
First seen:2020-07-09 06:53:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7bef67479607a06a205cb5032f04f908 (3 x Dridex)
ssdeep 3072:3hrdAiAC7M+cmDxVjHMNPDA44aoHwIW0JSqN56RmPYQirT0jgd5wtJEO/2afKaE4:3hrCi/bVV7QPDA4xoHwI3JSqSRmPliXP
Threatray 636 similar samples on MalwareBazaar
TLSH 4A14125AB37CA4B6DACA387216548B3A40507D63893786677AC43E2C7F7D685F032326
Reporter JAMESWT_WT
Tags:Dridex

Intelligence

File Origin
# of uploads :
1
# of downloads :
251
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Generic.mg.7b5ef9ae32ebf6d6.28718.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Detection:
dridex
Create hunting rule
Link:
https://mwdb.cert.pl/sample/a109cfcf3760c09007ecefe53b1b2d63bbb256138238c2b0b0ea436b08e5acbe/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 00:59:20 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
emotet
Create hunting rule
Similar samples:
1ae52558dadc5c5b388c0a64b6e54ead3280540b5a1db2d90f20d960257004dd
Dridex
39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9
Dridex
3b15d18c463f3a0a6c2b2915d129924dd0791bc5252cfee280b9a6e296229403
Dridex
4fa82bcc428147d23e5abc86fb9bfdc61829d91094659e74250ac43ab9a73ab4
Dridex
69ee26ba2019f4cc30752f00a815a726795c8e898edffe739daa6e84e6c41ac2
Dridex
7629b2e44020de99d74665b6afb0877f1f9b192714302eff3a6b38f61f2d79f2
Dridex
93c97bf3711640d5bd8ff0c2033492b2cea7b81ef2ea0e6f6b2327913e9be9d7
Dridex
9c749e76dc4c135b3e3f87eac42b6aae70a8efec197f9d311917a665697c1bbd
Dridex
9f6ca81f9e658fca42b50aaacf38bb2aa842ae5ef28867883a69d4790f307fb4
Dridex
f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939
Dridex
+ 626 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200709-8fsavyfqvn/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Dridex

Executable exe a109cfcf3760c09007ecefe53b1b2d63bbb256138238c2b0b0ea436b08e5acbe

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/408938/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/408940/
Cape
Cape
https://www.capesandbox.com/analysis/23436/

Comments