MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0
SHA3-384 hash:	b89c628f58c2c45d8bb5efd9c6ae672164c1cd8b65db8f854afc33dbee4fecce9ea0209b4510e1c05f179feea67f6f82
SHA1 hash:	4734562360c8e7feb9856332902204f6c65fc9d1
MD5 hash:	905280bccd6a060db5abb8ef02bf4d35
humanhash:	lithium-bluebird-william-delta
File name:	emotet_exe_e5_53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0_2021-11-19__071208.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	488'448 bytes
First seen:	2021-11-19 07:12:13 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	faaa0f8f720b9e939fe2971010f39e24 (14 x Heodo)
ssdeep	6144:H+cR0IAEb+CAh+X98eKOwdt7a56AOMXo49p3gJlp+6n1A4QimgjZv4SU:H+cRXF7t8eRwT66CXlpEl1AtIjZvFU
Threatray	125 similar samples on MalwareBazaar
TLSH	T124A4BE02B482E472E0AE14342978D7A60E6D7DB40FA8C9D777E81A6D4F752C35F31A36
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

# of downloads :

167

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Variant.Fragtor.42427.13097.875.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61974e8e43e8f62b669a02bf/reports/d652ca60-eb69-42fb-a570-7bd626838180/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f31f0bfd-0db3-4b31-ae71-25513149a3fb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-11-19 07:13:14 UTC

AV detection:

9 of 44 (20.45%)

Threat level:

5/5

Verdict:

malicious

Label(s):

emotet

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/211119-h147cahedn/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

3e4d5d9bb694766fcce4d70af60134acf824b4a90251b319d49b542a33885ae4

MD5 hash:

42d824f894d99f9d10771ff682569bb1

SHA1 hash:

c757cbd0bb693ccb3e73479d8d18f0ee3a54a155

Detections:

win_emotet_a2

win_emotet_auto

Link:

https://www.unpac.me/results/3ef2aa79-1234-468f-b4dd-cdfb62973052/

SH256 hash:

53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0

MD5 hash:

905280bccd6a060db5abb8ef02bf4d35

SHA1 hash:

4734562360c8e7feb9856332902204f6c65fc9d1

Link:

https://www.unpac.me/results/3ef2aa79-1234-468f-b4dd-cdfb62973052/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/207494/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample