MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a66c447440de565f86382940b87bd4660036cf1c16b88b97ea28ce47d7c0662b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 1


Intelligence 1 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a66c447440de565f86382940b87bd4660036cf1c16b88b97ea28ce47d7c0662b
SHA3-384 hash: 8dc99ab056d14facba9b692f0f31907ae6147164ad8331e6b76eddb5cdabd7b5750b137dfde262643bd3570d066f28e3
SHA1 hash: c17bde767708656905c0dcd1f5db9ab98e990344
MD5 hash: 9ab7d96d6d01f3e70b92146cb0ff7cbe
humanhash: july-oranges-grey-bakerloo
File name:rapport-94656820.zip
Download: download sample
Signature Heodo
Create hunting rule
File size:90'511 bytes
First seen:2021-01-05 12:50:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 1536:XKjxOMjd4VtP0pDLPTDutQhl9vfrI7U7ljdaKfnNexHE5Ns0fPNkt/JUS:gZjd4Vt8pXTxlhT4a1dgE5a03Nk/JUS
TLSH FD931228B9090465E7522EDB3B5FD7352CC41187C321BE29F0BAE82700EB2517737572
Reporter cocaman
Tags:Emotet Heodo zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Jason.Campbell@uk.renaultf1.com" <contabilita@studiobabic.eu>" (likely spoofed)
Received: "from studiobabic.eu (93-50-120-125.ip152.fastwebnet.it [93.50.120.125]) "
Date: "Tue, 05 Jan 2021 11:11:24 +0100"
Subject: "RE: Urs Rebsamen"
Attachment: "rapport-94656820.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a66c447440de565f86382940b87bd4660036cf1c16b88b97ea28ce47d7c0662b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a66c447440de565f86382940b87bd4660036cf1c16b88b97ea28ce47d7c0662b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Heodo

zip a66c447440de565f86382940b87bd4660036cf1c16b88b97ea28ce47d7c0662b

(this sample)

Heodo

Word file doc 477449767b272bb7caa99c7d510ca653e3498a1e9c01552c59173923c60c5f9b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 477449767b272bb7caa99c7d510ca653e3498a1e9c01552c59173923c60c5f9b

Comments


Avatar
Corsin Camichel commented on 2021-01-05 12:52:59 UTC

Archiv Passwort: 500