MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653
SHA3-384 hash: 6c5f5e79cc7fefc942fcb5a83fe9c3db286763b37356d9d4ea43a7045e0fbc3f059779059b24c0aa7ddc0349c8692fa9
SHA1 hash: 5ecac1f4b855a0d0a866c1ec42c092a7581fcf75
MD5 hash: 6405bc4b16e159d5fadb06d7fca07ffd
humanhash: rugby-carbon-berlin-venus
File name:d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653
Download: download sample
Signature Heodo
Create hunting rule
File size:896'000 bytes
First seen:2020-11-12 14:41:53 UTC
Last seen:2024-07-24 21:52:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3354bb2d6ddf47ac403a8f9603286564 (228 x Heodo)
ssdeep 24576:rPaMCn5hnjnnXfwt24DxVwlqQ6FDOAcutv0kR1:OH5hnjnnXfws4DxVnFqkJv
TLSH E5159C1176D2C073C162247649DEA779B2ABA5700FB877C3AB961B3C5E306D25E3834B
Reporter seifreed
Tags:Emotet Heodo

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Generic-9778295-0
Create hunting rule

Win.Packed.Emotet-9790742-0
Create hunting rule

Win.Packed.Emotet-9790818-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending an HTTP POST request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 14:46:19 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2vwbstps7ds36ec7g7ibkbhciq63lyginomvqhtm64mvt3w3kzjq._file
Verdict:
malicious
Label(s):
emotet
Create hunting rule
Result
Malware family:
emotet
Create hunting rule
Score:
  10/10
Tags:
family:emotet botnet:epoch3 banker trojan
Link:
https://tria.ge/reports/201112-x9vz77cjhj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Emotet Payload
Emotet
Malware Config
C2 Extraction:
73.100.19.104:80
103.3.63.137:8080
188.166.220.180:7080
192.175.111.217:7080
91.83.93.103:443
94.212.52.40:80
190.191.171.72:80
24.231.51.190:80
113.161.148.81:80
46.105.131.68:8080
223.17.215.76:80
45.239.204.100:80
185.80.172.199:80
91.75.75.46:80
190.151.5.131:443
60.125.114.64:443
77.74.78.80:443
175.103.38.146:80
58.27.215.3:8080
91.213.106.100:8080
125.200.20.233:80
195.201.56.70:8080
198.20.228.9:8080
190.194.12.132:80
103.80.51.61:8080
37.187.100.220:7080
179.5.118.12:80
143.95.101.72:8080
46.32.229.152:8080
185.208.226.142:8080
74.208.173.91:8080
185.142.236.163:443
85.75.49.113:80
157.7.164.178:8081
190.85.46.52:7080
203.56.191.129:8080
192.210.217.94:8080
192.163.221.191:8080
119.92.77.17:80
126.126.139.26:443
103.229.73.17:8080
79.133.6.236:8080
37.46.129.215:8080
113.193.239.51:443
116.202.10.123:8080
103.93.220.182:80
139.59.61.215:443
113.203.238.130:80
118.243.83.70:80
50.116.78.109:8080
115.79.59.157:80
203.153.216.178:7080
2.58.16.86:8080
172.105.78.244:8080
178.33.167.120:8080
139.59.12.63:8080
78.186.65.230:80
213.165.178.214:80
115.79.195.246:80
41.185.29.128:8080
37.205.9.252:7080
190.117.101.56:80
180.148.4.130:8080
172.96.190.154:8080
47.154.85.229:80
153.229.219.1:443
36.91.44.183:80
190.96.15.50:443
54.38.143.245:8080
5.79.70.250:8080
202.29.237.113:8080
190.192.39.136:80
118.33.121.37:80
190.164.135.81:80
180.21.3.52:80
75.127.14.170:8080
42.200.96.63:80
120.51.34.254:80
121.117.147.153:443
8.4.9.137:8080
162.144.145.58:8080
109.13.179.195:80
109.206.139.119:80
73.55.128.120:80
192.241.220.183:8080
116.91.240.96:80
88.247.58.26:80
Unpacked files
SH256 hash:
d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653
MD5 hash:
6405bc4b16e159d5fadb06d7fca07ffd
SHA1 hash:
5ecac1f4b855a0d0a866c1ec42c092a7581fcf75
Link:
https://www.unpac.me/results/10f52027-96f1-4276-b433-7b41553eb626/
SH256 hash:
ef098557149b1a0b8a4b88f315e818f0bb0671c7e6bb1d95f4e0f4f1733c94cf
MD5 hash:
789d0ebd4d206a18fde421318b8836bb
SHA1 hash:
315eee732891cb211a3c97453b737931fe60fe61
Detections:
win_emotet_a2
Create hunting rule
win_emotet_auto
Create hunting rule
Link:
https://www.unpac.me/results/10f52027-96f1-4276-b433-7b41553eb626/
Parent samples :
2c0bb9641d945be2382ece465ad33de11f78afa76d72847e6f106e14b076b921
a1876484821e187091ab967de3c5a625d94ad83b911d43a0de38b95614173aee
d687fb8028634be142a4f76b9e134be6d8d7f4e3dd75cc9f8c4e86bb4fd1ac85
d7a6a6c186d520aaa04991d798d1c85b94e5d7252e036c97e9d543ac95b13066
286aa942959f9ce2f506d4614aec28a25e4be2e3c0c026d027bf0f605fc8e407
8f7a676dafde9f5dfd4e5de41b39b177226ae4ed9779d7f46581337604b46df8
d8fd6ab7e9744c953a696ad7c25ad42a2e59e914e80d63fb519ba7c22ace3017
f190a6008aa54a5e9810a46a7a2218eee1deeda3814cf98184a70bb2a3d59239
f2dc87d68dcfe3344ae99bcb0725793263f4703a3bff5448855695885744e507
12fc1114c571f34a02d69272bb3d192bc73989ecf9835e7822d2e51f0f6dfc14
01fdbac1724747d8ebb292e6553e89b5063d8208328e6ca4ac6a41875d0ff6de
4f03477772ce954c14384373b1a541b9a0ab33d5b97bffd00ab9b3da69d42a93
52857e719add74e30a334a470f0a36b79d2cff943a0e6c3ca541b29962db0895
a7d469820f176931ab825879095eb26323c9265f4e7f15d172992a3d97bda30f
c5c4b76fc9745319e15ebedca28a764c3bdc46c641e2c941490cb5bde718bbf8
78ed6606b1a2c8bcef7014f0e510ceaab2283277f544fe86259fe2b8d7685e43
e5bff48f03f2d64c75a23853c983f190e874278e4bbb56701ada8e2d3fc7ebb3
ea4c22f894fa55345ee0c8cb8b3c27478dae7392be5b47ddb9f032c806921362
b76ef298b08ea0b89157db9174a6b9ea9f05db685cb9083677c5c97c61a1e0a3
1e17350e7b833cbe46c3dacb7ed01439401cd4fb8eafe0040bdff594d5580662
6950784c6e8b0d6ce4454d4927f507453ded04c95fa3f281a66cb248378af091
fc8ef94a64eeb6154b6dea0487cad2216a4e870ca89befead8d8e23ead3045da
fcf7d39a19e35c4cec046ec074cedf390ae4952e48fcc80a8eb4c77ba00e5c8a
d021bc43ae8872a45fdde639d50232ff87f13f8e937562f4a2a83af6559f2bd6
e5b92569911eae8346fee68bba933805254950e31856816a0e9fdf3f74f933ac
eaa1eeb4b9f8adde4fc0583198edd58c755314ae189d2e72b0c19d7e46040954
1cf7b40f693e041f62842f2defd4e2a681c4601a2f706cfa5a18c6fd7e4b09fd
b0038dc9920a5c23309ee390aeec869c7f26f016f93a85db2915a94d821be167
cd0586e5acd4b1cbcb0813a13541b2e168418ebda6872b2d33946e87ebd2a8fc
733c86e6a63bcee1c721f29fe8ec4c08996baeb2fabf8a8573b89158630cee8d
366629d2b908148d1e4105f56ef592a50b7de80504766ec73f76ecf84c7ab74a
8012296abc5f0ced86d1ade34611f945833d5c72b6d829e2d99842ac4428ea81
d046840ac79152841d1f03948ced9d94f5c516fc1c07d996a4f7c3e4cab9bc86
40c01bcf360102606ce05b2f7cbb1366bfd5d377af5201a80044583a9e9dc3a8
9c288607252ac810e4a7ed779f982978296ac65762be0929671865f463ee4f67
647e4e78871842d5a4fd23f1443696851823b441c49fb7d0aaf82173c1a9540f
f97494a50b6f346e6e5f2d874cbd1e85b579247af1117bb5a48cb17b47bec346
58893efa015cc1cdfe171e4e6f30977d3c3420278cac75fd6e8c97f5f952ec78
4cd686f67d081cb308da8c0012d7f3a86380692158ff65601aae110ac662924c
97c2ebc48f09aef615a6db4a6dca9ed4e82039ccf530c93c30644ca3880eab41
d43c820f625040d4a3bf61643e41c73b19c1e574583e36c7a49bb77fbc50f683
0f09e66d1bdd09f557dc2f377b452a0d922e0248011c1a3bd5edcf8a66a276e5
005880e811fbf078b959a2a154cbf03e0ca4a6f2a43b45f14df6afde2549fed9
319dd8608a11767a10dec77b97a5f9d107eda302ecc5be2bf345d270b95e137b
519920f45c25048e408807ec843564a48a411f34afecad9479e0669f38793446
39d368c3f2edacc274036ab87ebf1e98d3c53caa46939909c55e0fef28e5a99f
21eca44f2c4f3a255c2a1ddc0a197691b51771c33b22d51dcee48ae12901bf0b
440baa8cbe989cdf080c14ae3688688ce72f7165a1f47b51bd30be58e3d845be
18a69bfeb75bf97e7a8920d48dd4a53ef8cf283b2c9cef3ec9f735345554815c
abda98718ff4bd6f1e986470a73aa95e849ec4bddf3932b058111a787986e019
d17936cab5ef32226293e8e4a1c5b3d3d4bad84f6986286cae1662a7ce19f96b
29811f3ccc1054f84fe03a6f6d9c60d0800e5e51007a68ed58d87c8bc38ec7e6
baff9d83a4a169a36cb52a0fd594e3591acdb2c0c3941278fe2243e2cff11a9b
d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653
3a9c7b8df2e1d6b3c47422870111b4c096d61f68f1c4c1758226e0b77cae373b
c237c40299519a72c6c7e00e4c40855f02df2ad3d464ea51ee2505aa7166f39c
a48f3230bc7132f3f68c942829c9c9e0d986d84161cc5dce6aa1c3305437b794
c9964f0cc6e0588b310664ac0cd318d64321b419cdbf2fc11557914d29d49471
b0195c7fc3213de577fcc3994531d0cb418fdc02679e1758984c7522edc002d8
09234dd913a7323c78a52dc75703bc6a021f948eccf877f7bac417efd364a824
31a7eede01961265a1bd9ed1157c735e33a509749f521594bc97b9f646522104
cd5ed9b7e17f20c7b51f89dd8536b635975ef1c4654db147737437812d8c0614
eb18cd13b4ee85c05aca4c0fc0d11268b28b5ab6c46dd84d5cd924198e6c4302
8c8379905b4370e383de63ddda387e7b0eab8ee1778e869884e9db2764e5ce74
cfe0177a7462f5510131f9bf9641db47bdd7dbbc170ce3927977045654683291
bccb270a57eb044b44b360484c0c4cb7acf336705a01bff52220f8fcb32ca5e6
c81af31040c6f4fc6aeaa8d8e4b3e74ef9bc752f3b0cc0dce80a9d5a3b95b7f2
SH256 hash:
829b571e30c5bf63aaef9972aa75ea29d748bba58686a010a8671d8c05ae69fc
MD5 hash:
835e356955b89df4be52694101429c9d
SHA1 hash:
c95e50b86938061da8000f020ef83422298cb234
Detections:
win_emotet_a2
Create hunting rule
win_emotet_auto
Create hunting rule
Link:
https://www.unpac.me/results/10f52027-96f1-4276-b433-7b41553eb626/
Parent samples :
2c0bb9641d945be2382ece465ad33de11f78afa76d72847e6f106e14b076b921
a1876484821e187091ab967de3c5a625d94ad83b911d43a0de38b95614173aee
d687fb8028634be142a4f76b9e134be6d8d7f4e3dd75cc9f8c4e86bb4fd1ac85
d7a6a6c186d520aaa04991d798d1c85b94e5d7252e036c97e9d543ac95b13066
286aa942959f9ce2f506d4614aec28a25e4be2e3c0c026d027bf0f605fc8e407
8f7a676dafde9f5dfd4e5de41b39b177226ae4ed9779d7f46581337604b46df8
d8fd6ab7e9744c953a696ad7c25ad42a2e59e914e80d63fb519ba7c22ace3017
f190a6008aa54a5e9810a46a7a2218eee1deeda3814cf98184a70bb2a3d59239
f2dc87d68dcfe3344ae99bcb0725793263f4703a3bff5448855695885744e507
12fc1114c571f34a02d69272bb3d192bc73989ecf9835e7822d2e51f0f6dfc14
01fdbac1724747d8ebb292e6553e89b5063d8208328e6ca4ac6a41875d0ff6de
4f03477772ce954c14384373b1a541b9a0ab33d5b97bffd00ab9b3da69d42a93
52857e719add74e30a334a470f0a36b79d2cff943a0e6c3ca541b29962db0895
a7d469820f176931ab825879095eb26323c9265f4e7f15d172992a3d97bda30f
c5c4b76fc9745319e15ebedca28a764c3bdc46c641e2c941490cb5bde718bbf8
78ed6606b1a2c8bcef7014f0e510ceaab2283277f544fe86259fe2b8d7685e43
e5bff48f03f2d64c75a23853c983f190e874278e4bbb56701ada8e2d3fc7ebb3
ea4c22f894fa55345ee0c8cb8b3c27478dae7392be5b47ddb9f032c806921362
b76ef298b08ea0b89157db9174a6b9ea9f05db685cb9083677c5c97c61a1e0a3
1e17350e7b833cbe46c3dacb7ed01439401cd4fb8eafe0040bdff594d5580662
6950784c6e8b0d6ce4454d4927f507453ded04c95fa3f281a66cb248378af091
fc8ef94a64eeb6154b6dea0487cad2216a4e870ca89befead8d8e23ead3045da
fcf7d39a19e35c4cec046ec074cedf390ae4952e48fcc80a8eb4c77ba00e5c8a
d021bc43ae8872a45fdde639d50232ff87f13f8e937562f4a2a83af6559f2bd6
e5b92569911eae8346fee68bba933805254950e31856816a0e9fdf3f74f933ac
eaa1eeb4b9f8adde4fc0583198edd58c755314ae189d2e72b0c19d7e46040954
1cf7b40f693e041f62842f2defd4e2a681c4601a2f706cfa5a18c6fd7e4b09fd
b0038dc9920a5c23309ee390aeec869c7f26f016f93a85db2915a94d821be167
cd0586e5acd4b1cbcb0813a13541b2e168418ebda6872b2d33946e87ebd2a8fc
733c86e6a63bcee1c721f29fe8ec4c08996baeb2fabf8a8573b89158630cee8d
366629d2b908148d1e4105f56ef592a50b7de80504766ec73f76ecf84c7ab74a
8012296abc5f0ced86d1ade34611f945833d5c72b6d829e2d99842ac4428ea81
d046840ac79152841d1f03948ced9d94f5c516fc1c07d996a4f7c3e4cab9bc86
40c01bcf360102606ce05b2f7cbb1366bfd5d377af5201a80044583a9e9dc3a8
9c288607252ac810e4a7ed779f982978296ac65762be0929671865f463ee4f67
647e4e78871842d5a4fd23f1443696851823b441c49fb7d0aaf82173c1a9540f
f97494a50b6f346e6e5f2d874cbd1e85b579247af1117bb5a48cb17b47bec346
58893efa015cc1cdfe171e4e6f30977d3c3420278cac75fd6e8c97f5f952ec78
4cd686f67d081cb308da8c0012d7f3a86380692158ff65601aae110ac662924c
97c2ebc48f09aef615a6db4a6dca9ed4e82039ccf530c93c30644ca3880eab41
d43c820f625040d4a3bf61643e41c73b19c1e574583e36c7a49bb77fbc50f683
0f09e66d1bdd09f557dc2f377b452a0d922e0248011c1a3bd5edcf8a66a276e5
005880e811fbf078b959a2a154cbf03e0ca4a6f2a43b45f14df6afde2549fed9
319dd8608a11767a10dec77b97a5f9d107eda302ecc5be2bf345d270b95e137b
519920f45c25048e408807ec843564a48a411f34afecad9479e0669f38793446
39d368c3f2edacc274036ab87ebf1e98d3c53caa46939909c55e0fef28e5a99f
21eca44f2c4f3a255c2a1ddc0a197691b51771c33b22d51dcee48ae12901bf0b
572da93bf0a39d3e05b7edea6f5917fac200bc5d4643843fa9b800f8dd70f293
39dd5b27379d1290defda833cb3a5f5586964c5f6f7b8f5ca578fb1a96270149
bf10a524f5672f535ce4ece1ffea8ae9ee05367261238893fb30539f00507c46
c9e8dc76a5ef9bb38d6896785783ed73cea9d03149fefc0405b1e32ec0515bbb
8ccd1c70fa74abc357140bc9e9a9e419a49e7ab43798d33b2f8910a1b92459eb
2fc62f25a94a09e12894bbfa97c11b818413badf70bc0bece525928d44d13453
63aafc1582db5b528289014452a7223bc54a86443688e04e1ec4807a78ceb864
caaa18e9b44529f92291297df01f4d74772875443806362d9c737ddd3852e2b8
536b010769d898abb90526c91edb7a7ffa5fc68d2ec2d6792948cb1d1b292593
c214d3fd3f6356daee217e9f964eae3d9306090d8dc7bf1e420f95e53e74240f
0a5a1c35304a81a6fa37632f8169fb13981009359653096f3947b9ba89851aab
58455e9f0d20775f420f11ad31a3f010262b877376c9349ebebe7a8faf28bff6
2df7179f73f5f829a40ccccd62f8a4d1bd23027d5243c208552d043d7f898d96
440baa8cbe989cdf080c14ae3688688ce72f7165a1f47b51bd30be58e3d845be
f6a1ff9e43e8f84058485a6e68a797a3b2b6d0ab09f3f1392ed7566f2f924ea0
4f48103da51de24baeb6b6f4d077d16ddfa97907c6de5a2c648517640a7378a4
18a69bfeb75bf97e7a8920d48dd4a53ef8cf283b2c9cef3ec9f735345554815c
0b3a43c7b28c10b804ce52c4bd2a5c9a5bfdb2763ab497935fc79bb1a363e8f5
a2ffd2ed406898282d0521aef5baf2252017ec80a129265005092172d991ffcd
14f783282f966acedc4f3dffd2e49624be720d7081b7a3dc4321f08639b7ae53
650794e9d58a071ed138e5a0011f27344299122e6919644ce96ab35f5a993a8d
e8a8f6b005041f6cd343a77e14d5635952763b652f0b2dbb82fd6ff1bbb04bd4
78b99bae918e03d70712d087fb11dc5d37f6d33d17f4d44f1186a04606ed3d84
abda98718ff4bd6f1e986470a73aa95e849ec4bddf3932b058111a787986e019
d17936cab5ef32226293e8e4a1c5b3d3d4bad84f6986286cae1662a7ce19f96b
555e69fdfb470ee1e9aa3bf31601d825067805f856f20c6e8e04498d26d9b6f8
29811f3ccc1054f84fe03a6f6d9c60d0800e5e51007a68ed58d87c8bc38ec7e6
baff9d83a4a169a36cb52a0fd594e3591acdb2c0c3941278fe2243e2cff11a9b
73097cc4e1d8127ee0d9dfc066c7f7b5ecce7b769aa22b562e98b33536e777c5
d56c194df2f8e5bf105f37d01504e2443db5e0c86b99581e6cf71959eedb5653
3a9c7b8df2e1d6b3c47422870111b4c096d61f68f1c4c1758226e0b77cae373b
c237c40299519a72c6c7e00e4c40855f02df2ad3d464ea51ee2505aa7166f39c
f13be2a4832c97c55783a96dc9489c188971fc6c82621cea65f2fec5a92f536e
22eb857274823d11737a43e6655c633c354b615d82794e4528b2a6330ac4f11d
a48f3230bc7132f3f68c942829c9c9e0d986d84161cc5dce6aa1c3305437b794
c9964f0cc6e0588b310664ac0cd318d64321b419cdbf2fc11557914d29d49471
b0195c7fc3213de577fcc3994531d0cb418fdc02679e1758984c7522edc002d8
09234dd913a7323c78a52dc75703bc6a021f948eccf877f7bac417efd364a824
31a7eede01961265a1bd9ed1157c735e33a509749f521594bc97b9f646522104
7b0edca38d5e74cefc3f30772b027412c723fa63246f543caf7d105ecce22537
cd5ed9b7e17f20c7b51f89dd8536b635975ef1c4654db147737437812d8c0614
5004444e88fc0f582da6d92c242a9f455316b0e1c9fa6f7eb71ceb8b3d23dcc9
8bf3ab6bfab8fd91cd892a381caee30f0b910ff461b2d99688d71ac467e636b4
eb18cd13b4ee85c05aca4c0fc0d11268b28b5ab6c46dd84d5cd924198e6c4302
56457550a2dd4b7159563969761e797a6a57ce0b7fa940485a8a4d7421349d3d
d7df0492057be80b0e0c16d02f019e2009f303b2861b1ec084a01187ad05a32f
8c8379905b4370e383de63ddda387e7b0eab8ee1778e869884e9db2764e5ce74
cfe0177a7462f5510131f9bf9641db47bdd7dbbc170ce3927977045654683291
ff533b9dea01b07adfea3b218f8df876292c04e978741618e7259db455815781
bccb270a57eb044b44b360484c0c4cb7acf336705a01bff52220f8fcb32ca5e6
c81af31040c6f4fc6aeaa8d8e4b3e74ef9bc752f3b0cc0dce80a9d5a3b95b7f2
c3cd451bb00ef117df035a69ba6e9a589c41bed6c2625df2e672a0f1c344d882
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cobalt_functions
Create hunting rule
Author:@j0sm1
Description:Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT
Rule name:Win32_Trojan_Emotet
Create hunting rule
Author:ReversingLabs
Description:Yara rule that detects Emotet trojan.
Rule name:win_emotet_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments