MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f
SHA3-384 hash:	b893d88eb6a061497a23a86871ee10a032823651ceba33674254442b0b2c1e57c3ad8d7b4862fa1b4f0b08ac9a2ce9df
SHA1 hash:	81a9fb4de8fba8e6a7ac65c5529f31b65fa7ea44
MD5 hash:	ac77fc9d016667a46532f20fda0b06b5
humanhash:	twelve-king-blue-three
File name:	emotet_exe_e4_d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f_2021-12-25__000403.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	540'160 bytes
First seen:	2021-12-25 00:04:11 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	b5dc9ad96b513c24df30cb14bee2b2dd (28 x Heodo)
ssdeep	6144:GRQUWntghU/R+WtlgxTGZE7AeZ5V3Mi8oRifx/7/AOkcNlz+jOUTWolWVS/NeCcS:OUtghUkiKiZkAeZ5V3doKQ+iQVsV0/
Threatray	449 similar samples on MalwareBazaar
TLSH	T104B4C001F6C1D077C12E0430262ED72A4A3A7D749B2899EB93D49A7F4E706C15E35EAE
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch4 exe Heodo

Cryptolaemus1

Emotet epoch4 exe

Intelligence

File Origin

# of uploads :

# of downloads :

146

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/216271/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.51189.16486.3519.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/61c6603dec6c6c14a9f05f38/reports/57fa2950-7d84-4d93-8d35-4b244ec0c1d6/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/cd15d8a7-5f96-4834-a15f-83b6b859c81e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2021-12-25 00:05:17 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

11 of 28 (39.29%)

Threat level:

5/5

Verdict:

malicious

Label(s):

emotet

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/211225-ac7csseefq/

Behaviour

Suspicious use of WriteProcessMemory

Unpacked files

SH256 hash:

4fefbb26fb89d29a794e23851b041d06f7b965ceade4a8dfb062f35eee74a5cf

MD5 hash:

c1a06a13a1de414cd29119046b31e1b6

SHA1 hash:

9316d13b40dcc3e3d63737b1f316d31d28f7e875

Detections:

win_emotet_a2

win_emotet_auto

Link:

https://www.unpac.me/results/cd353fd4-0670-4426-88cf-01be45ea9ea4/

SH256 hash:

d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f

MD5 hash:

ac77fc9d016667a46532f20fda0b06b5

SHA1 hash:

81a9fb4de8fba8e6a7ac65c5529f31b65fa7ea44

Link:

https://www.unpac.me/results/cd353fd4-0670-4426-88cf-01be45ea9ea4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Heodo

DLL dll d54070b0b5a697330cc4da2a712d3f299f4468dca0175b9bc426231ea82ceb6f

(this sample)

Cape

https://www.capesandbox.com/analysis/216271/

URLhaus

https://urlhaus.abuse.ch/url/1917293/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample