MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec9f6a70899278d8eecd7c501971b8381b9ef9affae659521f1e5009be15abc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 6



SHA256 hash: ec9f6a70899278d8eecd7c501971b8381b9ef9affae659521f1e5009be15abc7
SHA3-384 hash: 8a8b8d872f5e17bbcbf83e1af87d8c981e066590de5abfa677850ed48c8b391b52ba64d3e3c0cb54ab897b2ea4623f19
SHA1 hash: cc8aee82cd9275d29855b514f4f7e36ca2917d5f
MD5 hash: d9a7fb184f4a5144578ba478ea4ff2f9
humanhash: spring-uniform-shade-november
File name: SecuriteInfo.com.Heuristic.HEUR.Macro.Downloader.MRLC.Gen.9710
Signature: Dridex
File size: 62'464 bytes
First seen: 2020-03-18 17:35:10 UTC
Last seen: Never
File type: Excel file xlsx
MIME type: application/vnd.ms-excel
ssdeep: 1536:ghAk3hbdlylKsgqopeJBWhZFGkE+cL2NdATyF5ifOeHv+xJpn45JwG3a1T:ghAk3hbdlylKsgqopeJBWhZFGkE+cL21
Threatray: 273 similar samples on MalwareBazaar
TLSH: 0A5329A7B296DA0ACE5507350CEBC6D67722FC642F53834B3289F31E1F75AC08A13656
Reporter: SecuriteInfoCom
Tags: Dridex

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a

Vendor Threat Intelligence

Result
Threat name: Unknown
Detection: malicious
Classification: expl
Score: 92 / 100

Behaviour
Behavior Graph: n/a

Gathering data

Threat name: Document-Word.Trojan.Rdn
Status: Malicious
First seen: 2020-03-18 12:19:23 UTC
File Type: Document
Extracted files: 25
AV detection: 28 of 48 (58.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
