MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a
SHA3-384 hash:	40693a18fcbae2314821f906c183b5b89fff11676f27b4e4fc21038fb89a18a9b4eedfc2b4ecafb24333e827466e10c7
SHA1 hash:	b7cb2f29f3a8ee2871e24bf176305da00457f579
MD5 hash:	94f6d09c5066d018c90f69e90773fbb6
humanhash:	carbon-artist-carbon-charlie
File name:	emotet_exe_e5_48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a_2021-12-03__000306.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	460'288 bytes
First seen:	2021-12-03 00:03:14 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	479782c40538d0c8b72b2791f9b6cfc8 (37 x Heodo)
ssdeep	6144:31v9X/WHuR1R0bB5HKg0EWBe0uCvn7DOPnAOEiZ1uxc16uoSr4j7G63up9A2:31J/WHlN5HKcWEMn70gxnuF+jKx
Threatray	614 similar samples on MalwareBazaar
TLSH	T15FA4C010B682C032D5BF0134643ADAA605BE7C718BB1C4EBB3D42B7E5E356C15B35AA7
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/210903/

Detection(s):

SecuriteInfo.com.Variant.Zusy.409265.15420.8264.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61a95efa47ed217c012f3ffe/reports/de778516-ac46-47c0-8281-7e4b9f97dd96/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/064b8f81-aa54-4238-a7d3-385cb5a645af

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2021-12-03 00:25:40 UTC

AV detection:

24 of 27 (88.89%)

Threat level:

5/5

Verdict:

malicious

Label(s):

emotet

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/211203-acqeaagad2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

072a8592530a008eeafb704a173a51074e488cedca2425ea2c4415e8faf2205d

MD5 hash:

7a22be29beb8da92e3a747b41ee549ac

SHA1 hash:

27500028d1093759fb5e46658631c45d1503efb8

Detections:

win_emotet_a2

win_emotet_auto

Link:

https://www.unpac.me/results/09cdeba5-497e-4646-ba89-1b44f78d3a93/

SH256 hash:

48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a

MD5 hash:

94f6d09c5066d018c90f69e90773fbb6

SHA1 hash:

b7cb2f29f3a8ee2871e24bf176305da00457f579

Link:

https://www.unpac.me/results/09cdeba5-497e-4646-ba89-1b44f78d3a93/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/48d84c3b1cd7bb887d2602c3690121d9228ce2bfbabc967cc5ff300439eab24a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/210903/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample