MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f67fa640c1f575356ff7c3bf9c58f5a557d300c564a2f221878f03edbb24bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 7


SHA256 hash: 6f67fa640c1f575356ff7c3bf9c58f5a557d300c564a2f221878f03edbb24bc7
SHA3-384 hash: 13b40c2b68486c51745f7a7cc3ebe3685bdb674b53e81e8fe2f527912f6dc4d4005bdfe67c90a49ba1926a9b768ee40f
SHA1 hash: 02d2340bb38fde753271d9fc64ee46d957e6fed8
MD5 hash: dff395ee7d2111822de78e8ba9892c5d
humanhash: maine-april-angel-football
File name: emotet_exe_e4_6f67fa640c1f575356ff7c3bf9c58f5a557d300c564a2f221878f03edbb24bc7_2021-12-02__064341.exe
Signature: Heodo
File size: 473'600 bytes
First seen: 2021-12-02 06:43:46 UTC
Last seen: 2021-12-02 08:54:18 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 057d91f9747659ff50a0558e0aed5a44 (7 x Heodo)
ssdeep: 12288:mFyGBDytNZAR5Myju+qQuj/J+7K6Dg8stHb1h:mF92e/jEk77Dg8stJh
Threatray: 238 similar samples on MalwareBazaar
TLSH: T1B1A4BF20B961C036E4AE10303D68D6EA056F7D364FF0CADB67E42F6D4E352C16B3566A
Reporter: Cryptolaemus1
Tags: dll Emotet epoch4 exe Heodo


Cryptolaemus1
Emotet epoch4 exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
DNS request
Launching a process
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Fragtor
Status: Malicious
First seen: 2021-12-02 06:44:14 UTC
File Type: PE (Dll)
Extracted files: 4
AV detection: 13 of 44 (29.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 74fcc9a8ceef72dd13c14de7d899efa4a6b2bc1a5c959b8ef08e7bb9d8121b0c
MD5 hash: 23670d8505f9d7b6eab4370e4c6b6dee
SHA1 hash: 60f09bf69b7f5c7ba068d2e7afb2571233284eb6
Detections: win_emotet_a2 win_emotet_auto

SHA256 hash: 6f67fa640c1f575356ff7c3bf9c58f5a557d300c564a2f221878f03edbb24bc7
MD5 hash: dff395ee7d2111822de78e8ba9892c5d
SHA1 hash: 02d2340bb38fde753271d9fc64ee46d957e6fed8
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments