MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59c3bb00017dd3bb1abd4d42d9a50df24fcd320bacf5335d1c030b772dc796c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 59c3bb00017dd3bb1abd4d42d9a50df24fcd320bacf5335d1c030b772dc796c5
SHA1 hash: 32bcf8bbf7a5a3e88f4025179f4be9445b8e7ec8
MD5 hash: 52b94921d9e57a2009fb0c562aab25bc
File name: emotet-sample-with-server-sided-code.zip
Signature: n/a
File size: 562'836 bytes
First seen: 2020-03-19 18:51:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:vd1Ja9NiT73FVqdah1wYnFPAVIsHJm0q9H9Klkac7h:11JSNu3eEh1widsprq9kI7h
TLSH: E1C423D0F6B4498F9AD9D2B6279C7B07A782D078712514CA95A3051478C0EEFD3E2EF1
Reporter: @LibraAnalysis
Tags: deobfuscated Emotet macro php server sided code


Twitter
@LibraAnalysis
Emotet stages (obfuscated and deobfuscated), together with server sided PHP dropper code. A detailed analysis can be found here: https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 34
Origin country: NL
ClamAV: Doc.Malware.Outbreak-6923440-0
Doc.Malware.Outbreak-6923442-0
Doc.Malware.Outbreak-6923441-0
Sanesecurity.Malware.24819.MacroHeurGen.Hp.UNOFFICIAL
Doc.Dropper.Agent-6842045-0
SecuriteInfo.com.PHP.Obfus-42.UNOFFICIAL
Php.Malware.Agent-6779621-0
SecuriteInfo.com.PUA.Base64EXE-2.UNOFFICIAL
Win.Malware.Emotet-6856567-0
Win.Malware.Emotet-6858871-0
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.
