MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7
SHA3-384 hash: c7706226125d1d81ccde3be438b565db3180d3699087370414c28f393966ad48658bc131974d578e9b7035129d85f40a
SHA1 hash: 1aa8d48bfa0ccd464dfd89ad93c34fc5e59793b8
MD5 hash: 69e71eceea30c00a84bd32ba44ba214a
humanhash: hot-gee-table-alpha
File name:emotet_exe_e5_b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7_2022-04-25__173911.exe
Download: download sample
Signature Heodo
Create hunting rule
File size:669'862 bytes
First seen:2022-04-25 17:39:18 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 078cf8e17700d87242408b8588acd2dc (28 x Heodo)
ssdeep 12288:y7pLgbqIjZbwqHUM6AySrYj2azO8BOg1s3FP:y7ssqekYtzbO53FP
Threatray 1'512 similar samples on MalwareBazaar
TLSH T1D3E4AD173493C07ADAAF02B04A06AFAEA7F5EA104F7159C3A780CB3D4E759DB9736114
TrID 40.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
17.0% (.SCR) Windows screen saver (13101/52/3)
13.6% (.EXE) Win64 Executable (generic) (10523/12/4)
8.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 71b119dcce576333 (3'570 x Heodo, 203 x TrickBot, 19 x Gh0stRAT)
Reporter Cryptolaemus1
Tags:dll Emotet epoch5 exe Heodo


Avatar
Cryptolaemus1
Emotet epoch5 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/266525/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.15242.15542.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
emotet greyware keylogger overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6266dd072f162d9fdf671509/reports/c02e0a8e-8945-443c-8f53-4096c2e203cc/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Emotet
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/db8e81f0-d1ec-4184-829c-7f94fef69b9d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2022-04-25 17:40:07 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
22 of 42 (52.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wk4prpzl37idpja66pwghuo3tz4b2qmzxbloc2wf7djatyhkl63q._file
Verdict:
malicious
Similar samples:
13465c0a54d49d9b334aa6be566338b760c422ef9ead8b489d9204c92f134314
Heodo
1ab4f5f9a595c438edb24dc2139d1b43c3bde1186c6b1451ece957923dda6166
Heodo
27aeca32e6f41ecd651b6f4552310e78a2251183eb18df7c13779ce02154deb6
Heodo
3577437bb2a8f7d84a50747334238a7f6928fe468047c9a1c3333339b31c8716
Heodo
4634f6646fb50e345ada7be39aab498ad71f621c2a478ad12ba3b90ebd39aee7
Heodo
4dc85110c7c0ab26efbbe6ce4ab42e449b7c02b3d3b76582f8bda3f960056538
Heodo
7532a2ad18a0ba68ec6e90791cc3eaf7d72a77fdeb3a8c6b99628b7b960bb9ec
Heodo
8eda6efd0d979c443c712a8668441f878a6d682cbdef2a5a19cf02d03111fe58
Heodo
bb85f3c32f938817976c427984420d185b0060b28b6e6fbcfb3c66c0ccb97215
Heodo
+ 1'502 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220425-v8vn4ahafl/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7
MD5 hash:
69e71eceea30c00a84bd32ba44ba214a
SHA1 hash:
1aa8d48bfa0ccd464dfd89ad93c34fc5e59793b8
Link:
https://www.unpac.me/results/9ff8ca26-6825-4787-9234-d999d89ebc95/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/b2b8f8bf2bdfd037a41ef3ec63d1db9e781d4199b856e16ac5f8d209e0ea5fb7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb2
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/266525/

Comments