MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 4



SHA256 hash: c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9
SHA3-384 hash: ce4a69cd118e10d247cae37e391136d97d70bcf561e823fa2e66380628d306aed2c253e347d8e6a4255bef5855cdd7c7
SHA1 hash: 04f92b7f82086fc6849be56687513ef7a1fec408
MD5 hash: a6e6d91ba6cb87627952e9472ed3c0fa
humanhash: cardinal-nuts-solar-social
File name: purge
Signature: Dridex
File size: 217'088 bytes
First seen: 2020-05-06 15:51:43 UTC
Last seen: 2020-05-06 16:46:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash ea0dfd7d7d868b00c22349782ea4b1a2 (3 x Dridex)
ssdeep 6144:TLMD6U18+P94did4uwrh6vwhCxgOvYNwuYmbDx:kDI+P9wid6QwCZvYNRYmR
Threatray 96 similar samples on MalwareBazaar
TLSH 88241384A3FA52D8D91B4431B20EF437D272512C0D9A8BB7CD2CF4DED1E5183ACB25A9
Reporter: j_dubp
Tags: Dridex


j_dubp
Excel 4.0 Macro file ea973931fd2a9a0b5eadba754d95ef32 dropping #dridex

Intelligence


File Origin
# of uploads: 2
# of downloads: 124
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Dridex
Status: Malicious
First seen: 2020-05-07 01:31:30 UTC
File Type: PE (Exe)
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader evasion trojan
Behaviour
Checks whether UAC is enabled
Dridex Loader
Dridex
Malware Config
C2 Extraction:
38.88.126.131:443
145.239.169.32:8443
163.172.7.152:443
45.79.135.98:691
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dridex

Executable exe c6cdb5139fdc915f452ff2d5b3cb58cdf23538b0b8a151c912ed3b07d9c3ecf9

(this sample)

ea973931fd2a9a0b5eadba754d95ef32

  
Dropping
MD5 ea973931fd2a9a0b5eadba754d95ef32
