MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69
SHA3-384 hash: 6cb5982d96cde317982c241b06061c1e2507e210dcfc3d5a9c49e9509219cd643d07afcc7af26dd0b68fd95c15deeca6
SHA1 hash: c40435fc901ab27a0b108acabb78607546e5c57e
MD5 hash: efb101f863c51c25731059db72ea74fb
humanhash: low-ack-lemon-triple
File name:SecuriteInfo.com.Variant.Bulz.339626.14008.10748
Download: download sample
Signature Heodo
Create hunting rule
File size:49'152 bytes
First seen:2021-02-03 12:21:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 768:Wavm80J7boHCkYHpcdAy7gvb4q+56k428DM41RBRRdoNr:Wf80JPoHCPPvb4qt28DHWr
Threatray 41 similar samples on MalwareBazaar
TLSH 2723B68A25ACB058D2A21BB51C22FA713718D731AC619D0DB406D24DFEC15FF28DCADB
Reporter SecuriteInfoCom
Tags:Emotet Heodo

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'394
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
STEELWORKS RFQ-38166.doc
Verdict:
Malicious activity
Analysis date:
2021-02-03 07:43:48 UTC
Tags:
exploit CVE-2017-11882 opendir loader
Link:
https://app.any.run/tasks/7d309162-2d1e-42e1-bbe5-5f06ace12a4e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/115321/
Detection(s):
SecuriteInfo.com.Variant.Bulz.339626.14008.10748.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/597771
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Behaviour
Behavior Graph:
Download SVG
Detection:
agenttesla
Create hunting rule
Link:
https://mwdb.cert.pl/sample/e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-03 11:07:13 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
05120de86620e0480b31518890f08c9bf085559ca566630ac5a17439984475ff
Heodo
2acded4635676811aa81729461214aaa27994e81da6420d4809d6dec5a56c54c
Heodo
6d29aa2dae14893bc07f45bc71f6db450fd7e605c780b7a71753417508c0a661
Heodo
83b7795882150edb696797caf7164ada02b8818b5725457e8f198e58564710df
Heodo
8b2e2511d5ebbee5a597370b10bd62699406e8e0da0d45a5acf193a6a7ad5e3d
Heodo
a5062f91de393ec4ef3d88d42a44948985d0ecf0dbc8f76f3a6ff92d279598d5
Heodo
af9eb9e3503b1611d4c16861d860597c2e816e1971b4b6332d7ba202ea9b2594
Heodo
c3fc242f919ef27d4c58f6ca5054050513f63c00be0b8136cef28d1f04344d31
Heodo
d035d585ee6242cc4812bb12eb7e9e86878ea40c4cb10c2c9ebc76cb3cae4d75
Heodo
fc1b51106633fe605d248dcb477e7533293e95b2d3e8fac9f4f6ac52130e8bb8
Heodo
+ 31 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210203-tw8lnx3gbe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69
MD5 hash:
efb101f863c51c25731059db72ea74fb
SHA1 hash:
c40435fc901ab27a0b108acabb78607546e5c57e
Link:
https://www.unpac.me/results/336544ab-b48f-4e9c-ae34-e15376e955a7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Heodo

Executable exe e124d3e9087bcb39d6a8d6cf108de81271501f04ddd1d091b4795087a27f4f69

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/115321/
  
URLhaus
https://urlhaus.abuse.ch/url/988957/
  
Delivery method
Distributed via web download

Comments