MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6963dd79aa16d012852bf32ca91f7eff536b68af95814d28d207b9db6a2bbd96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	6963dd79aa16d012852bf32ca91f7eff536b68af95814d28d207b9db6a2bbd96
SHA3-384 hash:	0e0804b68958a99e3f696de1f897a599e1c41a40a33938dc3340b743df564d7565e4f8c2feb52e8e33e29665820cedda
SHA1 hash:	6d6c51af00d3a074d757d9ae746a01b059f1a519
MD5 hash:	3fd55e7330d8d216b1d619249c431c27
humanhash:	spaghetti-fish-missouri-texas
File name:	emotet_exe_e5_6963dd79aa16d012852bf32ca91f7eff536b68af95814d28d207b9db6a2bbd96_2022-02-06__145042.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	213'420 bytes
First seen:	2022-02-06 14:50:46 UTC
Last seen:	2022-02-06 16:35:52 UTC
File type:	dll
MIME type:	application/x-dosexec
ssdeep	6144:2D/Tuk02QyxDxkXOQTnjuwibXGmkEovJKt4kI0lkI9sJD8Mm0czMm8QTymiVNWzy:2D/Tukcyj1Giqjxq4s2IuJIMm0WKQTyZ
TLSH	T14A24ADA43B56A425F214672A1EC796005FE8D23248F3D09EDFC2F3A4A5FB442EB5D12D
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

# of downloads :

186

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/233786/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.83447.467.21494.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

overlay packed

Link:

https://www.filescan.io/uploads/61ffe058a72f86da69624e99/reports/79f87032-96d4-42b3-bbbe-83eb1521a7e4/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Emotet

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/39096033-726d-4b8a-9da8-eea953d6419f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6963dd79aa16d012852bf32ca91f7eff536b68af95814d28d207b9db6a2bbd96/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-02-06 14:51:10 UTC

File Type:

PE (Dll)

AV detection:

6 of 28 (21.43%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

4/10

Tags:

n/a

Link:

https://tria.ge/reports/220206-r757nabahq/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Unpacked files

SH256 hash:

6963dd79aa16d012852bf32ca91f7eff536b68af95814d28d207b9db6a2bbd96

MD5 hash:

3fd55e7330d8d216b1d619249c431c27

SHA1 hash:

6d6c51af00d3a074d757d9ae746a01b059f1a519

Link:

https://www.unpac.me/results/c6a568b7-1422-4c94-af16-fb0b57ce5f39/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/233786/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample