MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60
SHA3-384 hash: 4c23101af882ab5c040b0764d209d49c6b925e51c2d7ceb19f3a7aacde02516a44991d051e4e7657d86e6d403041220a
SHA1 hash: c3cdb2cffa8a3839886f2ef7a7070787d92c3d3f
MD5 hash: 7d5a21ea994148e9f74f270fa0d11dd5
humanhash: idaho-jersey-venus-floor
File name:rw2CwmN9o5baMM1kNhI.dll
Download: download sample
Signature Heodo
Create hunting rule
File size:230'400 bytes
First seen:2020-12-21 12:36:55 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash a34412fd2050ec02d92ed7745b98eaa2 (20 x Heodo)
ssdeep 3072:TUniwXbv5ZJpaLPBzxzy39qxmu8jXb29gUFUE6ZvPlpLkH:Tx2JpaLpzxzqqxmH2gEK4
Threatray 20 similar samples on MalwareBazaar
TLSH 3F349D11A5018476F35E07302546FAE049AD9D7C26E4E18FFA78BE3A6E311C31A7729F
Reporter JAMESWT_WT
Tags:Emotet exe Heodo

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.12040.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60/
Threat name:
Win32.Trojan.EmotetCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-12-21 12:37:17 UTC
File Type:
PE (Dll)
Extracted files:
33
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0d1744fd830ffed23cac8e36d7a3b88c35ce34bc1ebe0c57388030a428f99730
Heodo
1acdc1855adbfd9c84fa7833e2b615feda3a4f37961846c93bac3354c8352d59
Heodo
25d23fbf66df863c9be8595beb7ec421ba679123fbfe1d26e664d534c8c68081
Heodo
2f86f5802bb0cb1c18b8eb2ae9eaa4cef2ac1efaa7a17b19d308eecedaedf746
Heodo
40262cc016ac77ac410894f3dfd8a1c4a3fcbb3725a583d6defd2ea4d556df5a
Heodo
43a81e80cbd931329625e031d6c04620d95b637406231bc935bf3921374d81de
Heodo
6ced0d5b3e6fbe5b294e73fe587fc73cbbaf26a32c1abf92fe5c22c57c8a53f2
Heodo
a9295c68b9e6ad169bc14d79108c45b78d1f57b781874677c19e1d6b627890e2
Heodo
b1c619f847f1fd13623002f9a616f3c2ea9d9ac8d1863ba541757549e64a059b
Heodo
e9e16900388e0eb5009bfda3e9671afb04b8e3ed914db1bdde385c7eafca0e6d
Heodo
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201221-zt9yg9xpcj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60
MD5 hash:
7d5a21ea994148e9f74f270fa0d11dd5
SHA1 hash:
c3cdb2cffa8a3839886f2ef7a7070787d92c3d3f
Link:
https://www.unpac.me/results/ff824b09-a4de-4ca7-bc17-1f7aa6b5c81e/
SH256 hash:
f567e145cf928879c13b51b84c057b82fc5727463bc2c976587fc96a2317efcb
MD5 hash:
db0519d8565a35ad1470150813f67602
SHA1 hash:
f3a612986982ec0e12ff2244139f6c65b413e8b8
Detections:
win_emotet_a2
Create hunting rule
Link:
https://www.unpac.me/results/ff824b09-a4de-4ca7-bc17-1f7aa6b5c81e/
Parent samples :
6ced0d5b3e6fbe5b294e73fe587fc73cbbaf26a32c1abf92fe5c22c57c8a53f2
1acdc1855adbfd9c84fa7833e2b615feda3a4f37961846c93bac3354c8352d59
a9295c68b9e6ad169bc14d79108c45b78d1f57b781874677c19e1d6b627890e2
25d23fbf66df863c9be8595beb7ec421ba679123fbfe1d26e664d534c8c68081
0d1744fd830ffed23cac8e36d7a3b88c35ce34bc1ebe0c57388030a428f99730
b1c619f847f1fd13623002f9a616f3c2ea9d9ac8d1863ba541757549e64a059b
e9e16900388e0eb5009bfda3e9671afb04b8e3ed914db1bdde385c7eafca0e6d
43a81e80cbd931329625e031d6c04620d95b637406231bc935bf3921374d81de
b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60
d2bed66a02677c5f05becd6cf44cbf5307935dfe923dd80660dc7beee8d0430d
c6f7040194cbed0d34fc343d601fef1fc56c0efd381870519c7ca59f208d66a6
5eadfa4dd6b036fb7cc42f1c023fde4579c2d2ab49e4c84b93f6e207272b07b3
47b014bad2d24296b2d07b3f69a9ce0b7249d11097fc09044a34755ae7be7810
e9b5c069a0bb351288d1b3bd1d9894cc07e4287c139474e753b42441b486f6f3
bff93708db43d3d6449a7c41c9f193fd28333d1f06d7caa3f7af0442a6b531c6
ace5ddc10143a31cc2df2146715a6f06aabce2bc62283d744129cad0df6caf24
0773745b0aa51960e3088ca2d947a03271ea86163bd635ece0bbe6a684832e4d
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b6a6bacf336d431977df6f95d1d71f22561314abbbb57867b954fc09cf718f60

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments