MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a
SHA3-384 hash:	244f66b628dadfe0553e7e1432483d6282841bc42c1d8f686978dafe3afb0a21dd9006b5c5f6ace0afea5c00698dab39
SHA1 hash:	90e9bd4eed83bf1f2138a05e668ba0b92eda8870
MD5 hash:	9771c429dd8fc6656f2726b7176c7f10
humanhash:	social-golf-mockingbird-oregon
File name:	emotet_exe_e5_54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a_2022-04-17__035322.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	333'949 bytes
First seen:	2022-04-17 03:53:26 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	196752bd65f33bc6f5dd0426f39259ae (92 x Heodo)
ssdeep	6144:buZlJOFmzvtg1Eyid5GX5BVhthqnhdDpV+WWT8JKyTp+:bGptged525pthqnhB+RUKyTp+
Threatray	267 similar samples on MalwareBazaar
TLSH	T186649D21B6D1C47BD9DF02322A16C36962F6F5B08DF5C247FFD51B0EAE321428B29259
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

348

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/264143/

Detection(s):

Win.Packed.Emotet-9943901-0

SecuriteInfo.com.W32.AIDetect.malware2.17759.21638.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

control.exe emotet greyware keylogger overlay packed

Link:

https://www.filescan.io/uploads/625b8f5b482f2f41cac0f252/reports/76873e32-e7ed-452d-868d-f1e970eafc97/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a/

Threat name:

Win32.Trojan.Emotetcrypt

Status:

Malicious

First seen:

2022-04-17 03:54:07 UTC

File Type:

PE (Dll)

AV detection:

20 of 26 (76.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ksz7xionx357tshhl3zm6bwvzio6yjbnanvggytduu3he5zomyna._file

Verdict:

malicious

Similar samples:

10e8c19f754e49253be6be51f7939867058c378ecba811d03458b9549476e2a2

1c67673e50bb8d015ba7797b995bc2a04d5caf15df9bf5dad400d20d7ae2f4a6

47375e5a6088eeef4ea4a4b6de993971c524ac15550749490220f005f26546bf

c88ece4a8b4f556e3359d54f4a24b7ef4868ad700f111aaa74ada796116f3c99

d2645b7fefc216877d74233c17440dc0bd55ea4343001e513c10abe17f348609

e8f2e6f8d6f6418dbab5f2eea010f3947ff6a0fe4be8eafd54500e703a7db468

+ 257 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220417-ef76qahedl/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a

MD5 hash:

9771c429dd8fc6656f2726b7176c7f10

SHA1 hash:

90e9bd4eed83bf1f2138a05e668ba0b92eda8870

Link:

https://www.unpac.me/results/a6c6c640-56b8-4887-b9da-f83a0bf9bf83/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/54b3fba1cdbefbf9c8e75ef2cf06d5ca1dec242d036a636263a53672772e661a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/264143/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample