MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4d422f3cdbfd7c2455e563222ecc5fbd3c24f467d06e6b8944534788f0c9b57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Dridex

Vendor detections: 4



SHA256 hash: e4d422f3cdbfd7c2455e563222ecc5fbd3c24f467d06e6b8944534788f0c9b57
SHA3-384 hash: c17ca1b215723227fdf443c01dfde8e9ddd1a84f7b0f752090a20a8b6c0cc37d8faf5550040ee4e9235f47b905cc900b
SHA1 hash: 7532e048d11711d07e5e43c889c4ba2c5dad8ffb
MD5 hash: 71636a7b66ba00dcbec4cd27d0cb0c51
humanhash: massachusetts-mobile-eleven-spring
File name: 71636a7b66ba00dcbec4cd27d0cb0c51.exe
Signature: Dridex
File size: 217'088 bytes
First seen: 2020-05-06 18:48:30 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea0dfd7d7d868b00c22349782ea4b1a2 (3 x Dridex)
ssdeep: 6144:6LMD6U18+P94did4uwrh6vwhCxgOvYNwuYmbDx:LDI+P9wid6QwCZvYNRYmR
Threatray: 96 similar samples on MalwareBazaar
TLSH: BC241384A3FA52D8E91B4431B20EF437D276512C0D9A8BB7CD2CF4DED1D5183ACB15A9
Reporter: abuse_ch
Tags: Dridex exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-06 18:27:57 UTC
File Type: PE (Exe)
AV detection: 25 of 31 (80.65%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader evasion trojan
Behaviour:
- Checks whether UAC is enabled
- Dridex Loader
- Dridex
Malware Config
C2 Extraction:
- 38.88.126.131:443
- 145.239.169.32:8443
- 163.172.7.152:443
- 45.79.135.98:691

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method    Signature    Sample
Web download       Dridex       Executable exe e4d422f3cdbfd7c2455e563222ecc5fbd3c24f467d06e6b8944534788f0c9b57 (this sample)

Delivery method: Distributed via web download

Comments