MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443
SHA3-384 hash:	7032dd110eb9bb6d4501fb41ea3700bc07ee0c3816630d19ad8454336e1429ecfa3d1db221a6481ecc96a38f7d5e7c83
SHA1 hash:	148d685a0df8a4904944717ceb12ac8982dd39a7
MD5 hash:	481d59c3096aff22ec8c51456393464a
humanhash:	juliet-uniform-march-juliet
File name:	emotet_exe_e4_4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443_2021-12-02__000442.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	472'064 bytes
First seen:	2021-12-02 00:04:50 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	171ec87b04dbf6cc5aa2b57f2bec0e02 (11 x Heodo)
ssdeep	12288:bRCSNg9VtfjQRVcVTd4qoxHbGeJsjyyP79iAM7/3+/Z1:NCh5sQTgxsjyUinE
Threatray	144 similar samples on MalwareBazaar
TLSH	T137A4BF50F942C471D9AE11303869F6EA063D7D204FA589EB77D42F3E4E312C1AB3966B
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch4 exe Heodo

Cryptolaemus1

Emotet epoch4 exe

Intelligence

File Origin

# of uploads :

# of downloads :

115

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/210509/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Launching a process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61a80db386bf67e7121e761f/reports/663642ec-5d6d-4d1f-8e08-a53a7c37a275/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b6e27bd0-3c3d-4c29-81d7-4d009e266ba9

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-12-02 00:21:44 UTC

AV detection:

16 of 45 (35.56%)

Threat level:

5/5

Verdict:

malicious

Label(s):

emotet

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/211202-ac7nkahafp/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

9b1d46737592be548c4d73d04d377fdaf678fe33c8204c6533eaa83def4fc104

MD5 hash:

6f2a75a8256195f2d2eb66b5a44cc538

SHA1 hash:

2825a63091dd9e7f7541dd8283ded4716d7c14ff

Detections:

win_emotet_a2

win_emotet_auto

Link:

https://www.unpac.me/results/495f9ea7-a089-406a-a53d-d635478db5b7/

SH256 hash:

4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443

MD5 hash:

481d59c3096aff22ec8c51456393464a

SHA1 hash:

148d685a0df8a4904944717ceb12ac8982dd39a7

Link:

https://www.unpac.me/results/495f9ea7-a089-406a-a53d-d635478db5b7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4b353a48e2656b8c5ce1f5028135b3aa231488175108d7a5634e2f5161091443

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/210509/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample