MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e12b58b042e361d227d4cc3e60e5b5c8ef49c7f70c306d1159c71a7eb335f5cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e12b58b042e361d227d4cc3e60e5b5c8ef49c7f70c306d1159c71a7eb335f5cd
SHA3-384 hash: 20d2a580b785189df4214ee1ac127b06e45955696d0759954bd01028f022419a3d330180fb23e786114849e5d6d98d7c
SHA1 hash: dc6115bdc6d63f476203e54e40cb35df72d4014d
MD5 hash: 7d8f0a53352c9188acef922dbecfa588
humanhash: december-wolfram-summer-fillet
File name:e12b58b042e361d227d4cc3e60e5b5c8ef49c7f70c306d1159c71a7eb335f5cd
Download: download sample
File size:591'536 bytes
First seen:2020-09-24 05:43:04 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5e73b19ed62be5256f3249cf57eebc14
ssdeep 12288:TCLIa6MfgkSnojUbPYLAwiw7gku+uFvTBMrKr:uLI8LLAwxgr7r
Threatray 38 similar samples on MalwareBazaar
TLSH D9C4072078E0D071D9A210F916ACBD3103FD9CA0CB2469D396DCF6EA9634DE17B3665B
Reporter JAMESWT_WT
Tags:NEEDCODE SP Z O O signed

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/65154/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching a process
Creating a process with a hidden window
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/473990
Signature
Contains functionality to inject code into remote processes
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 289441 Sample: xBUSzKSelr Startdate: 24/09/2020 Architecture: WINDOWS Score: 52 14 Multi AV Scanner detection for submitted file 2->14 7 xBUSzKSelr.exe 3 2->7         started        process3 signatures4 16 Contains functionality to inject code into remote processes 7->16 10 powershell.exe 7->10         started        process5 process6 12 conhost.exe 10->12         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e12b58b042e361d227d4cc3e60e5b5c8ef49c7f70c306d1159c71a7eb335f5cd/
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2020-09-24 05:41:48 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3d994a2f80a63f31bf56ddded5ed35f020c40c0324b3ab1935e08b15c25ba017
5942b57d50e389ec7be01bd5b4007249e3755064fe156941dfbe310f7fa53a73
67c08d2a21a3ade47ed790aa65ef7cbb117e32300b432f5be97d5ff13c745247
68a83d0a3bfcd1bcebf35eeba2bd778b2b64516f73cb2932ad9e6e4667dd9781
6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d
94ba896b284005a58298806bba47f725cdcaa1816b3c79226639cb145bf16886
a1bdc2ca2e359ac7d5c26afb3cd89bb39285b8a8acc5876e691ceb4ba807b704
a6cf85f38f11e82be3fbabc2f7ee0d07f608f30ceb92654ec2168c4fcfad56e0
dee6a220c1a2a3a53361c929e903744b78a751b93c38405e629aae4c16d1e597
df638bde1ffafcfb7a25fe30b631d549299f9502f23efc47fc5efaa118e96b97
+ 28 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/200924-ktnssvtyl2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates connected drives
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e12b58b042e361d227d4cc3e60e5b5c8ef49c7f70c306d1159c71a7eb335f5cd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1308851328442077185?s=20
Cape
Cape
https://www.capesandbox.com/analysis/65154/

Comments