MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c23a242a9b18cdfcb1eb027b0adf192cb5c289b0ad26705241a762a4fe476bae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Emotet (aka Heodo)
Vendor detections: 6
| SHA256 hash: | c23a242a9b18cdfcb1eb027b0adf192cb5c289b0ad26705241a762a4fe476bae |
|---|---|
| SHA3-384 hash: | 2e3a5625e5b97737f4fb3df925478de64d81871e3f42a942ef7288b624105fac8a7829fe56829290f578de645727f834 |
| SHA1 hash: | 9a8597be41ea7106aab4bc19032688c94adc1b0a |
| MD5 hash: | 65ffa8bbc0ae9b4002887a5cc257273f |
| humanhash: | fillet-seventeen-uniform-helium |
| File name: | からの変更_20200915.doc |
| Download: | download sample |
| Signature | Heodo |
| File size: | 159'963 bytes |
| First seen: | 2020-09-15 13:22:33 UTC |
| Last seen: | Never |
| File type: |  doc |
| MIME type: | application/msword |
| ssdeep | 1536:gURA+F6URA+Fhrdi1Ir77zOH98Wj2gpngd+a9ZxQIY0y+WbSw:frfrzOH98ipgBxDH7ASw |
| TLSH | 84F3950926D1994EF33A8E3027D9AAE91856DCF45D8D4067328CBB147737B40E9E1BF8 |
| Reporter |  GovCERT_CH |
| Tags: | Emotet Heodo |
Intelligence
File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
TwinWave.EvilDoc.AutoExecSeparateWays.20200818.UNOFFICIAL
SecuriteInfo.com.VB.Trojan.VBA.Agent.BHH.UNOFFICIAL
TwinWave.EvilDoc.WelcomeBackEmotetThatsWhyTheyCallItWindowPain.2020717.UNOFFICIAL
TwinWave.EvilDoc.EmotetCROCryLittleSister.20200720.UNOFFICIAL
TwinWave.EvilDoc.EmotetARCROClubbedToDeathKurayamino.20200904.UNOFFICIAL
SecuriteInfo.com.VB.Trojan.VBA.Agent.BHH.UNOFFICIAL
TwinWave.EvilDoc.WelcomeBackEmotetThatsWhyTheyCallItWindowPain.2020717.UNOFFICIAL
TwinWave.EvilDoc.EmotetCROCryLittleSister.20200720.UNOFFICIAL
TwinWave.EvilDoc.EmotetARCROClubbedToDeathKurayamino.20200904.UNOFFICIAL
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Creating a process with a hidden window
DNS request
Creating a file
Creating a process from a recently created file
Moving a file to the Windows subdirectory
Creating a service
Connection attempt
Sending an HTTP POST request
Deleting a recently created file
Possible injection to a system process
Enabling autorun for a service
Launching a process by exploiting the app vulnerability
Sending an HTTP GET request to an infection source
Detection:
emotet
Threat name:
Document-Word.Trojan.Emotet
Status:
Malicious
First seen:
2020-09-15 10:19:59 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
macro
Behaviour
Suspicious Office macro
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Dropped by
Heodo
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.