MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5e32d2f73c24b9db437c47118f21dec128dabc71f1a86852583c8844ab04d7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	b5e32d2f73c24b9db437c47118f21dec128dabc71f1a86852583c8844ab04d7e
SHA3-384 hash:	d6ffe957d81985daa05dfed25d80c426375e5cb2ccafd795028bdf299c96410985924e7165b319ef7ce325d9ad99f7c4
SHA1 hash:	094cdbfcadb272d0e03432c43cf0d46c1e813550
MD5 hash:	5237a46e2a8b452397adf9dadcc6bbac
humanhash:	diet-crazy-william-cat
File name:	emotet_exe_e5_a595121b517145c8cbe41dce45d7074de54f821348cc70cb6b5649f4cdba0aa9_2022-04-16__011353.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	679'936 bytes
First seen:	2022-04-16 01:13:57 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	c7be10fff3b5624b64714e5733abbf40 (246 x Heodo)
ssdeep	12288:aanana8MeeeWyM33d3q3Z7BogyreNmF+U/9JckIAGfUebMx:aanana84h3831Bo4N6+ADckbebG
Threatray	384 similar samples on MalwareBazaar
TLSH	T15FE46C02B3C390B0C557653C851BF3606CAEBC2C6B18853A6657B6EF4BF2590ED346A7
TrID	40.2% (.EXE) InstallShield setup (43053/19/16) 29.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 9.8% (.EXE) Win64 Executable (generic) (10523/12/4) 6.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

274

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/264038/

Detection(s):

Win.Trojan.Emotet-9941823-0

Win.Trojan.Emotet-9941824-0

Win.Trojan.Emotet-9941825-0

Win.Trojan.Generickdz-9942734-0

Win.Packed.Emotet-9942745-0

Win.Packed.Emotet-9942914-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Searching for the window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

emotet explorer.exe greyware keylogger overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/625a185bffe27d5119e0effe/reports/6d0d2b33-04e9-4329-97b1-ea8986d82e58/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Emotet

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9e0371a7-38b7-496b-9e1d-5646b3c90c3d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b5e32d2f73c24b9db437c47118f21dec128dabc71f1a86852583c8844ab04d7e/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2022-04-16 01:14:07 UTC

File Type:

PE (Dll)

Extracted files:

1

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wxrs2l3tyjfz3nbxyryrr4q55qji3k6hd4ninbjfqpeiisvqjv7a._file

Verdict:

malicious

Similar samples:

0b21dc93912b088672e795ecc9a915f71c5ac2427619359a4c3b60dd7efbf229

0fee9b877e2e9cf1bf1560aa1d5ebe3c77bf694dbe93694e3c2d6232b6ada1d7

1546794972a081f1cb12b92e00550a20453eb4b4491e7b04307af3a47c9bcf5b

39592b4818477c8e2defc814e8dcccc77eac17d9299c351269610568c2fb00ff

55e5d2f1f3939ccb5acdb5645751bed75737987a15dad37515f4c61fcf9bd94f

89d6e9fbf04a5850a74a29ff249cbb1c54c12785eaf9608b3dfd3bfa869b5560

a389e6c1ca971d096866d450600fc5b1bfffacd92388f7e267a94f32c65873bf

d5f2fe8285108897e6f2de2ad409497977eb6ee880bd71e8dfbc7d958f0af2c7

f319402076fc0605c626c62743324474a9f733e51b34d722c7220ca6f16b8c9c

+ 374 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/220416-blmv7aechr/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

b5e32d2f73c24b9db437c47118f21dec128dabc71f1a86852583c8844ab04d7e

MD5 hash:

5237a46e2a8b452397adf9dadcc6bbac

SHA1 hash:

094cdbfcadb272d0e03432c43cf0d46c1e813550

Link:

https://www.unpac.me/results/bf2fe9be-6942-4b33-9515-8098d2ae27ca/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b5e32d2f73c24b9db437c47118f21dec128dabc71f1a86852583c8844ab04d7e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/264038/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample