MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3
SHA3-384 hash: b7062ca466a0ea9183729df5af4a51f3ecb1e789abd71b1ac9e59b82dd883ac44901da22a289446e29aaa4bfd17e68ac
SHA1 hash: 499e4fdfe03172044db76b06bbcece8e5a6a5e37
MD5 hash: fd7c848498f9ffc17b7ad2786f55d01a
humanhash: nuts-william-four-robin
File name:emotet_exe_e2_b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3_2021-01-13__112654.exe
Download: download sample
Signature Heodo
Create hunting rule
File size:280'064 bytes
First seen:2021-01-13 11:26:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 68aea345b134d576ccdef7f06db86088 (46 x Heodo)
ssdeep 6144:WlLMUG2gFWLDFO9vNa11y3NPcJufFFTXNZrjJTKs:W5MT4WNaHy9P1FjbrjlKs
Threatray 483 similar samples on MalwareBazaar
TLSH 0054CF217A53C826F5E800FCA6E9878915167F346F44A4C373D40F6AA8759E2EF2B317
Reporter Cryptolaemus1
Tags:Emotet epoch2 exe Heodo


Avatar
Cryptolaemus1
Emotet epoch2 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Emotet
Create hunting rule
Link:
https://www.capesandbox.com/analysis/111764/
Detection(s):
SecuriteInfo.com.Generic.mg.fd7c848498f9ffc1.2185.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3/
Threat name:
Win32.Trojan.EmotetCrypt
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 11:27:05 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xggqxvfi7keza2cz6n4ou64sjrkuiq7wgo6k7sclb2c4a27nr2zq._file
Verdict:
malicious
Label(s):
emotet
Create hunting rule
Similar samples:
2439ee9fc3c9ff3abb5350b061df8a74a208cd42d2d808372179bee8e8b84e39
Heodo
385ecef52dace3b401a7ed4acb4ef99bfc7f881683045900f6af54af1bfc57f4
Heodo
394cd25632ca2b4d508a63ba806cfdfbf836b57d6cf1c337c4c06ec115040750
Heodo
4119cbc1de70e6c41063117f665620762ff930415a589be9f1f5dee26340a416
Heodo
49f5b14a2563126acf83387ca2eda75fcdb050d5052cd756a7627bf75499dbe8
Heodo
66732b32c134ca0f64b5f3a526b4232854bc11ef34861a78ded6bcfa03112d4d
Heodo
81d39810e27aaae72ecf4954290cc9133abe3fd0968a9f787c224017b5ade239
Heodo
a3b948cc2e1c902db955949ac2c3cc3a00f25567aa37c9360291c0665511678c
Heodo
c5e97cf63b4f5f443c475101a9331a130f4d479399a52cfac24d1bcfa9d78c15
Heodo
d9942c14d06f8723dec0e7a052837f0d09fe1787cc4a1ea50541e7b024ea61d7
Heodo
+ 473 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210113-cp41r428wx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3
MD5 hash:
fd7c848498f9ffc17b7ad2786f55d01a
SHA1 hash:
499e4fdfe03172044db76b06bbcece8e5a6a5e37
Link:
https://www.unpac.me/results/75126b1e-f2ce-4027-a263-da63ea21ed99/
SH256 hash:
8f95a660585e89651cd86e7009854796e5e80d10d1c92bfc4407224f19232b0a
MD5 hash:
a9ba7bad59b3d757b11a6f9805e63b00
SHA1 hash:
f10c709fe920efe25cdd0a7dab9b94b576cdd6d6
Detections:
win_emotet_a2
Create hunting rule
Link:
https://www.unpac.me/results/75126b1e-f2ce-4027-a263-da63ea21ed99/
Parent samples :
4a91efce913eb758fc2fc521d9d3aa03435dca6f31042d3238a2ba4fa9c3d44a
a3b948cc2e1c902db955949ac2c3cc3a00f25567aa37c9360291c0665511678c
2884a74d210bff9f00180cedb8a3cf72e98e9fb60fe2ddb8013742c06ed90c79
2b823ea04a168a3a411f13be07a3d21ecf77e5eb302eeb1df81eba1bf2db1716
b797ee02a6076e9a2616e29fa028f7ab9e2c2a4462b52e23ce7c764ea08cc60f
4fb7e283f5630ce8de93b622997d2acc8069a2d65d59986d966d1808cf3c17fa
2b862fcde61fb767e7166dd5203838b5a95cb75537674c3e432075cb8dcf2777
76231385c6db0d69c09bab8e16b956be0b94fe07db8a2e10d9ab54b5a44d0030
385ecef52dace3b401a7ed4acb4ef99bfc7f881683045900f6af54af1bfc57f4
300ab17eb7b6f16d701bc4233a47ab0b6e344742107893a2dd956d5b26d5a24d
abd66f959299dfdc80648d5c11bc94f491176951eebfd2ecffa311487489199d
e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac
2bffe5e50c10299a36490f0c0ab76c4b31acbd111e52684bb141d1bc267493ae
487262f1db45bf66acd95a2cce3c9ebe9750c80645ce4268199e34361fe1fdfd
7aed3fe2d0743ca0f167a3029bc9f6d2a2efca22fc97ef085234513788859c09
c5e97cf63b4f5f443c475101a9331a130f4d479399a52cfac24d1bcfa9d78c15
b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3
f357249f8bdc0335708c70854c7e2dbe8b3230b5e7c83590eeb75295dea62dab
13b82d8845824e603b72a51176ca27f9b8f808006e5f5c6d08e3a9118299fa57
1a0dbe107464310b9edcf3f39d2b63b3a7e2b93fca51422515483aabf9f92cb8
abbca19344bd039c31963fb2c2239a104e36c46c27f44400648675d3d2e86a80
af2ff1cce0750b515e034bd482bd2b486fc82d2839257ea0693709801c8903a5
e7c52c484acf172e7e1e1af87523e97f16ce890ab584219d3a4fcf52949ae632
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b98d0bd4a8fa89906859f378ea7b924c554443f633bcafc84b0e85c06bed8eb3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/111764/

Comments