MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Dridex


Vendor detections: 6



SHA256 hash: f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939
SHA3-384 hash: 3de16cfdef0f7891f6057d5c1d991f4e787d6740c4f77653677b1bbb9c0fc9fd369984482184ccbb2e7a41720b44335c
SHA1 hash: 73a806a848970059f81b4894866b7463fdd50011
MD5 hash: 7b5ef9ae32ebf6d68ac064f38eea2ce2
humanhash: juliet-alabama-california-beer
File name: mncejd.exe
Signature: Dridex
File size: 196'608 bytes
First seen: 2020-07-08 13:04:59 UTC
Last seen: 2020-07-08 13:53:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7bef67479607a06a205cb5032f04f908 (3 x Dridex)
ssdeep: 3072:DhrdAiAC7M+cmDxVjHMNPDA44aoHwIW0JSqN56RmPYQirTXjgd5wtJEO/2afKaE4:DhrCi/bVV7QPDA4xoHwI3JSqSRmPliX4
Threatray: 636 similar samples on MalwareBazaar
TLSH: 3114125AB37CA4B6DACA387216548B3B40507D63893786677AC43E2C7F7D685F032326
Reporter: abuse_ch
Tags: Dridex exe


abuse_ch
Dridex payload URL:
http://rocesi.com/mncejd.exe

Intelligence


File Origin
# of uploads: 3
# of downloads: 266
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Threat name: Win32.Infostealer.Dridex
Status: Malicious
First seen: 2020-07-08 13:06:07 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 27 of 31 (87.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dridex

Executable exe f8c974a6572fd522a64d22da3bf36db7e912ccb700bd41623ed286f1e8b0e939 (this sample)
