MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f
SHA3-384 hash:	ba61c7ad2142f5c18fd7b29a061bac73777a1d4e07a728526edd88ea0344a27621534d781e82c3837fdb3519ab4ecfb0
SHA1 hash:	5427a9a3ddb952c88f7e8829c5bbc4f8ee26b7d3
MD5 hash:	bc86fcc787e7a24bae4b6c025bcbf3f2
humanhash:	uranus-golf-green-twenty
File name:	emotet_exe_e4_b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f_2022-04-16__045052.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	577'416 bytes
First seen:	2022-04-16 04:50:57 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	973d97b59b04de30192c4429f01c1ab1 (93 x Heodo)
ssdeep	12288:wGOAWAyzLzHKwJrCf9dJJjI1rMpUsN+JinUqqOYJIO:w5aYJI
Threatray	345 similar samples on MalwareBazaar
TLSH	T1E1C428936AC3C0B7E41F0279860A92287257D5327756E6CF3BC5D71FCA387A2AB38151
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch4 exe Heodo

Cryptolaemus1

Emotet epoch4 exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

280

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/264054/

Detection(s):

Win.Trojan.Emotet-9942094-0

Win.Malware.Generickdz-9943185-0

SecuriteInfo.com.W32.AIDetect.malware2.1172.12758.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

control.exe greyware keylogger overlay shell32.dll

Link:

https://www.filescan.io/uploads/625a4b38ffe27d5119e2d3d0/reports/c6db2971-d1fa-41c4-9790-862ca736a311/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Emotet

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/00e45484-1372-4833-9cfa-b8a163251cf8

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2022-04-16 04:51:07 UTC

File Type:

PE (Dll)

AV detection:

22 of 42 (52.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wkg3v6csppze47dhn7i27ndzsi5qrwvxsuhp63a4qqauqfjdfmxq._file

Verdict:

malicious

Similar samples:

0a0fb8f6cde81cfdf1b2a1f9b2f7b19942ed6ff7a435ba13ae9ce1c76d2f8b8b

5520131e8ea597cf9820116645df7b75f01e9dd05f17d84ed7c4a428b31fa796

964ac324a76e7634b286ec3b8615ebd8e3f64e50c077f77b6d2ac1295095e729

98f315a72451f9409e041d0bb268fa17a9cb238d27a75bd16ed8b468e2527609

9b8b973f01272748dfe18288bd34bdaa1a6e1f90c078401a7e714a07d0ea6c11

9d257725c9684457daabc127e81c0cb5c8ffd3bf1aaaf9d5c53324102c79b738

b3aadd119287ed0888fb1c3bc73fdf1db24f7c45466fd8b5172932af76ce2ef5

d2e98a88de7202643368fa84b586ab3fb9cf12328be93c04a2128393e00e30ed

+ 335 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220416-fgtkdseab4/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f

MD5 hash:

bc86fcc787e7a24bae4b6c025bcbf3f2

SHA1 hash:

5427a9a3ddb952c88f7e8829c5bbc4f8ee26b7d3

Link:

https://www.unpac.me/results/e45bf64c-c236-460d-95c7-50bdfd720920/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b28dbaf8527bf24e7c676fd1afb479923b08dab7950eff6c1c84014815232b2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/264054/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample