MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443
SHA3-384 hash:	b745fb445c9ad722018732360defa2959089da63cdd34a7c5b8b99751a4db5026a70a4f73275950fcb8143793b61cf93
SHA1 hash:	b426ae57cc3f965c406a53354f520ce4e7d49fc9
MD5 hash:	9da4683f21257396b2a9d17b4093a11d
humanhash:	autumn-nebraska-uniform-alaska
File name:	emotet_exe_e5_04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443_2022-04-16__020505.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	500'456 bytes
First seen:	2022-04-16 02:05:11 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	c7be10fff3b5624b64714e5733abbf40 (246 x Heodo)
ssdeep	6144:S5uok8qcKhyMlSXVKfKGS4Tp3wb8iZ7B1yarhA7ArkqBoEimFmzUM090/DHr8cQB:S54yM33d3q3Z7BogxreNmF+U/9JckIA5
Threatray	394 similar samples on MalwareBazaar
TLSH	T1F9B45B0273C390F0C657A574840FD525AC76B83C6B19857EB28BA26F4BF78D09A346F9
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

275

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/264040/

Detection(s):

Win.Trojan.Generickdz-9942734-0

Win.Packed.Emotet-9942745-0

Win.Packed.Emotet-9942914-0

SecuriteInfo.com.Trojan.Emotet.1156.294.25564.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

conti emotet greyware keylogger overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/625a248bffe27d5119e15fcd/reports/c85d2110-a624-46ea-8e8e-a7f9ca1d7907/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Emotet

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8e932dac-5c41-43fc-9f4f-ae9c848c1087

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2022-04-16 02:06:07 UTC

File Type:

PE (Dll)

AV detection:

20 of 26 (76.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=asskgyw7rkblqbqgxt4ifkqb7i6ic2qnwi4pqt2nynzumzi2qrbq._file

Verdict:

malicious

Similar samples:

16bf0f21a67295f658257deb725f73bc2f9f34b1898a4ee728206512d7a5b5da

1b730b7c685b854b82647b5bf55b3457af19d4f96e3f9e1c687008075d6ab6f1

81faa74582185e0014b727ba265105c44df734084bc35d0b2c05761a5ecf1aff

c86c90793348d175c253e9e4b2adfa13fb99a1b60b56eacc754ce5e2f8f7a7c8

de8b14f0d432c68b45259c647f34d926f9384101d308668322bf199921420773

+ 384 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220416-cjebpsafe7/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443

MD5 hash:

9da4683f21257396b2a9d17b4093a11d

SHA1 hash:

b426ae57cc3f965c406a53354f520ce4e7d49fc9

Link:

https://www.unpac.me/results/44041417-608c-43be-9e07-72d430788662/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/04a4a362df8a82b80606bcf882aa01fa3c816a0db238f84f4dc37346651a8443

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/264040/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample