MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4993f60879671ecf0d70059ed79c01a4d8e99ee3bb1ef9e647d7129542d695ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Emotet (aka Heodo)


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments

SHA256 hash: 4993f60879671ecf0d70059ed79c01a4d8e99ee3bb1ef9e647d7129542d695ec
SHA3-384 hash: 407655e4172532045baf9fe98a96ebbaa750214a45750d485eb6003d0867f340cf28559cdb3edc2be39b76c6aa20925b
SHA1 hash: 3f05a3c64007dadbeb6745402ad9e59182e6c1cb
MD5 hash: fbdfd3f572e46eadf751a81b4427474e
humanhash: venus-arizona-winner-wyoming
File name:emotet_exe_e4_b1dfa3142755ab85b97dc475c54d7549e7327d67e59ce9e1f3559c9f313d9a27_2022-04-14__111735.exe
Download: download sample
Signature Heodo
File size:753'664 bytes
First seen:2022-04-14 11:17:42 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 6eb736b73a786957562fd323f3abbe25 (38 x Heodo)
ssdeep 12288:XoynYqMo1upvhV9WsLQFxCXvkgKtuBdfMAofD:4yn2V9DLQFxC3KMBdkAofD
TLSH T176F4AFC97691C132DEBB6B788926D2A05EADBCD05A70CF0B1E44396C7E32D40CD297D6
TrID 63.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
13.8% (.EXE) InstallShield setup (43053/19/16)
10.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
4.2% (.SCR) Windows screen saver (13101/52/3)
3.3% (.EXE) Win64 Executable (generic) (10523/12/4)
File icon (PE):PE icon
dhash icon 78f0f2f9d8f8f0cc (69 x Heodo)
Reporter Cryptolaemus1
Tags:dll Emotet epoch4 exe Heodo


Avatar
Cryptolaemus1
Emotet epoch4 exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
256
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
emotet greyware keylogger overlay packed shell32.dll update.exe zusy
Threat name:
Win32.Trojan.Emotet
Status:
Malicious
First seen:
2022-04-14 11:18:07 UTC
File Type:
PE (Dll)
Extracted files:
39
AV detection:
21 of 42 (50.00%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
4993f60879671ecf0d70059ed79c01a4d8e99ee3bb1ef9e647d7129542d695ec
MD5 hash:
fbdfd3f572e46eadf751a81b4427474e
SHA1 hash:
3f05a3c64007dadbeb6745402ad9e59182e6c1cb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments