MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314
SHA3-384 hash:	ccdf1456d74ca10a42b3494113571dac7dc9bb4c019834c18e109965c3a8d67b08f969abc5991ceb6d1c5b25029a5b00
SHA1 hash:	3dee78e644a6253d2a7b86f959f08d53fbdfb499
MD5 hash:	9010099859d7d999f4ad3635a7839174
humanhash:	maryland-tennessee-network-oven
File name:	emotet_exe_e5_13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314_2022-04-25__022721.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	605'669 bytes
First seen:	2022-04-25 02:27:26 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	078cf8e17700d87242408b8588acd2dc (28 x Heodo)
ssdeep	6144:y7k2Lgb63B3IjZbdup5yEqWQUM6xWtgW1MHqVsYNwKb2azO8DFm:y7pLgbqIjZbwqHUM6Ay7rYj2azO8Bm
Threatray	1'510 similar samples on MalwareBazaar
TLSH	T18FD49C0734D1C07AD2AF12708E46AFAEA7F9BA508F715AC3BB804B1D4E759DB9736110
TrID	40.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 17.0% (.SCR) Windows screen saver (13101/52/3) 13.6% (.EXE) Win64 Executable (generic) (10523/12/4) 8.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

# of downloads :

275

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/266209/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware2.15242.15542.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

greyware keylogger overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6266073df2342ecc743a5455/reports/322e4e57-e8e0-4e34-994b-1090b3c3c0fb/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Emotet

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b4c5868d-c0de-40ac-9e68-0b02a491799a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2022-04-25 02:28:08 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cndfycsu2sozwm2ku27fmyzyw5qmiixpt2wywse5sicmslytimka._file

Verdict:

malicious

Heodo

27aeca32e6f41ecd651b6f4552310e78a2251183eb18df7c13779ce02154deb6

Heodo

3577437bb2a8f7d84a50747334238a7f6928fe468047c9a1c3333339b31c8716

Heodo

4634f6646fb50e345ada7be39aab498ad71f621c2a478ad12ba3b90ebd39aee7

Heodo

4dc85110c7c0ab26efbbe6ce4ab42e449b7c02b3d3b76582f8bda3f960056538

Heodo

7532a2ad18a0ba68ec6e90791cc3eaf7d72a77fdeb3a8c6b99628b7b960bb9ec

Heodo

8eda6efd0d979c443c712a8668441f878a6d682cbdef2a5a19cf02d03111fe58

Heodo

bb85f3c32f938817976c427984420d185b0060b28b6e6fbcfb3c66c0ccb97215

Heodo

+ 1'500 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220425-cxzvkafbhq/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314

MD5 hash:

9010099859d7d999f4ad3635a7839174

SHA1 hash:

3dee78e644a6253d2a7b86f959f08d53fbdfb499

Link:

https://www.unpac.me/results/c2f7f0ab-b77e-4c83-acff-961d90c9c928/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.10

Link:

https://yomi.yoroi.company/submissions/13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pdb2 Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/266209/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample