MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23
SHA3-384 hash: faa573bb21ba89b19713227c44a0de31655b4e1c65e843e179e534d1c13fc813f7a7d157ba75ad76a0be401de8726d16
SHA1 hash: a8df08006071408cec660107e5dd8b6a17e2928b
MD5 hash: 9a947dd91915ea87bc61576053271ada
humanhash: mobile-orange-connecticut-carbon
File name:emotet_exe_e4_ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23_2021-12-23__012449.exe
Download: download sample
Signature Heodo
Create hunting rule
File size:536'576 bytes
First seen:2021-12-23 01:24:55 UTC
Last seen:2021-12-23 03:07:54 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash af1b01dbc18f406dd241ac0a1a28e346 (5 x Heodo)
ssdeep 12288:F4UuFuNB2bvR0Iva6qREvKMHBX8i/Da7VpxmIXf5:FriuNsVC6qsx/g5
Threatray 233 similar samples on MalwareBazaar
TLSH T1A9B4BF01F582D0B6E96F1070282D97BA093D7D605F1849EBE7C86D3E4EB05E19E34F6A
Reporter Cryptolaemus1
Tags:dll Emotet epoch4 exe Heodo


Avatar
Cryptolaemus1
Emotet epoch4 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.20370.32504.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Launching a process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61c3cff68991ba72b392de22/reports/3c10d8f1-1e4b-44d5-a3c0-2ca42f45471d/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d11f06b3-9261-447d-88b5-c7559ad514e2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2021-12-23 01:25:14 UTC
File Type:
PE (Dll)
Extracted files:
4
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
emotet
Create hunting rule
Similar samples:
491b92a087f6cb1e8306efb50407258a4954698c602cafbbaa18ab4ab8167178
Heodo
4b34a0bd90c8117d2d8fccc27d85aa759b1383f90f723a175f30c6079d5616b8
Heodo
75480f62f2f051d0b12056402335abd33ff0ec06f67241ea609094bec417787e
Heodo
76807509a5e256945385c962b78ca32a43e0f4cd5676f131b8236b879c441374
Heodo
8882b6fa9567ea676a821b98ae87b6913b88e388ca4e7bc149b69ef0cb283f47
Heodo
a33d443376309635a57328f4ceb3bacba6d58f5360a213f8c3a15cffb8298054
Heodo
aff3450a54d7edce973ddce844b4f58b74a250991818dd599b2f63565ae22fde
Heodo
c31e91399f7c4ffaebada7a1598853ad044146c41d8c2a6ca869705210d29d63
Heodo
f486c5646cce69ec4ed87f4086ca264d2a71e57ddd2d14dc93c48de93d646c94
Heodo
f4fac4eb1b15056315e049c7a0e21f0baa4f0b0f6f89478f3440a40c29b0f13a
Heodo
+ 223 additional samples on MalwareBazaar
Result
Malware family:
emotet
Create hunting rule
Score:
  10/10
Tags:
family:emotet botnet:epoch4 banker trojan
Link:
https://tria.ge/reports/211223-bs1evshdbk/
Behaviour
Suspicious use of WriteProcessMemory
Emotet
Malware Config
C2 Extraction:
54.37.212.235:80
45.15.23.184:443
41.76.108.46:8080
212.237.5.209:443
46.55.222.11:443
207.38.84.195:8080
103.8.26.102:8080
138.185.72.26:8080
104.251.214.46:8080
110.232.117.186:8080
51.68.175.8:8080
176.104.106.96:8080
216.158.226.206:443
103.8.26.103:8080
103.75.201.2:443
210.57.217.132:8080
195.154.133.20:443
45.142.114.231:8080
107.182.225.142:8080
158.69.222.101:443
45.118.115.99:8080
192.254.71.210:443
178.79.147.66:8080
203.114.109.124:443
212.237.56.116:7080
173.212.193.249:8080
58.227.42.236:80
50.116.54.215:443
162.214.50.39:7080
45.118.135.203:7080
212.237.17.99:8080
81.0.236.90:443
Unpacked files
SH256 hash:
54a39fe298c29438fcba3a44eea3d4658defc366e994c208c427314f96554be4
MD5 hash:
54a17e52de4b6ef59300407f8a105c0b
SHA1 hash:
ec64fb6c3ffbf435eeec6f7f5d94b700c75751e6
Detections:
win_emotet_a2
Create hunting rule
win_emotet_auto
Create hunting rule
Link:
https://www.unpac.me/results/beebb1f9-60a2-4ecf-a4f9-15835b8501e3/
SH256 hash:
ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23
MD5 hash:
9a947dd91915ea87bc61576053271ada
SHA1 hash:
a8df08006071408cec660107e5dd8b6a17e2928b
Link:
https://www.unpac.me/results/beebb1f9-60a2-4ecf-a4f9-15835b8501e3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca4b4dac04769d002cd9ec6f7869d113fbc130120aba5bdf820f59a2abaa4b23

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments