MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 307374bce2849b04aa3e64c30ab62e6ee34bcaed2f02b5f1b487224e0e7f008f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 4

SHA256 hash: 307374bce2849b04aa3e64c30ab62e6ee34bcaed2f02b5f1b487224e0e7f008f
SHA3-384 hash: 0d783333d26a5f2375ad2860b8ce411e70cc6621156e8ea661ae7223a1d854abf9bfdf088afaa34f1797ef7a8814160d
SHA1 hash: 2165ef2e4e22f1e2c88f8e7f4071c17a52e0139e
MD5 hash: 003b1db5436e7a739d767daead074217
humanhash: king-south-undress-october
File name: emotet_exe_e3_307374bce2849b04aa3e64c30ab62e6ee34bcaed2f02b5f1b487224e0e7f008f_2020-12-28__203152.exe
Signature: Heodo
File size: 527'872 bytes
First seen: 2020-12-28 20:31:56 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 0c8e7bcd452798b457f58e9bd0178322 (16 x Heodo)
ssdeep: 6144:7FTuPdeCm7WaSN2uDoqssJP46gbUpqcLS0NIItZPThGx4Tc:7Z2diyaSIupssZZUuNNlGeTc
Threatray: 687 similar samples on MalwareBazaar
TLSH: 07B4AD21B5C5A039D4EA91722664AB8319BE7CB24B6189CB6FFC3D0917741C3E735B23
Reporter: Cryptolaemus1
Tags: Emotet epoch3 exe Heodo


Cryptolaemus1: Emotet epoch3 exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 309
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour: Sending a UDP request
Threat name: Win32.Trojan.EmotetCrypt
Status: Malicious
First seen: 2020-12-28 20:32:10 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files:
SHA256 hash: 307374bce2849b04aa3e64c30ab62e6ee34bcaed2f02b5f1b487224e0e7f008f
MD5 hash: 003b1db5436e7a739d767daead074217
SHA1 hash: 2165ef2e4e22f1e2c88f8e7f4071c17a52e0139e
SHA256 hash: 6055aeac1326cba79019f5cad4f7b3e0ef9253d71793dbf36667dc914bf792ed
MD5 hash: 11f7b6827cfe56164de409bc1a44ff7b
SHA1 hash: 4b8edfc867453851aa5e91692cc9ceadbfecfced
Detections: win_emotet_a2

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments