MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Emotet (aka Heodo)

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752
SHA3-384 hash:	1c959f3ea1f15e3ce8e50c00ea55605cd14801aa67372af75e073349bac1f5b55c108c26984915c624e629e2886da7bd
SHA1 hash:	11c188efe2b629f662dc475a86e00c3fa4751b89
MD5 hash:	cf346e278e8f2ee37d895d40a7d26511
humanhash:	hydrogen-jig-zebra-red
File name:	emotet_exe_e5_edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752_2021-11-24__204356.exe
Download:	download sample
Signature	Heodo Create hunting rule
File size:	482'816 bytes
First seen:	2021-11-24 20:44:02 UTC
Last seen:	2021-11-24 22:49:15 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	c78edb9d5780b46eaa0956a2852d0a7b (9 x Heodo)
ssdeep	12288:kCy25dXCvOvAei/n8f5oueeyju1oN4uYLtyFYeOKNx2U:keAeikf5iee8ERcy6nKNx2
Threatray	283 similar samples on MalwareBazaar
TLSH	T123A4BE11F583C133D0AE1430297DD6A60AAD7D304FB499EFA7D45A3E4D742C2AB31A7A
Reporter	Cryptolaemus1
Tags:	dll Emotet epoch5 exe Heodo

Cryptolaemus1

Emotet epoch5 exe

Intelligence

File Origin

# of uploads :

2

# of downloads :

108

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Trojan005690671.24037.26826.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Sending a custom TCP request

Launching a process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/619ea41bf36138de3f3a960f/reports/b8b031c9-11e9-41c1-b607-7821bba58ef0/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/aaec5372-9c0b-4d11-99e6-b627990cb0d4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2021-11-24 20:44:14 UTC

File Type:

PE (Dll)

Extracted files:

4

AV detection:

21 of 27 (77.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5xmt5puysej44nxr2atvt4xgc7ltc2kvpxfyifr5xepfufhzy5ja._file

Verdict:

malicious

Label(s):

emotet

Similar samples:

067f4553e9455d958d1c231e6d9c199d6c0344f311eb0c38585d37be62178bff

2f8005abf81a8b9012f7c1ea0bb80e0548242cd7622b7f9512879e283d01b9e9

53bdf298136671fbd0439a89acb040c5050682e1cd70e5cd90ef2bd3b2a552f0

76816ba1a506eba7151bce38b3e6d673362355063c8fd92444b6bec5ad106c21

9a2e2a399c1166c7fc1140256e98594a34f4c6aa5e8f487452d04fa88df25a4d

9bd6222d52643d35e6ca9be6ef63967b04e41baf7c5949fae6555e40dc7816f2

ce18c8d3909983645f813da240fe1e3be014425585beb800de207f225e3bdbbe

ce896fcc7fb5fc6625bbbcfb3b3a20274ef57902d020fd34a673b89ad3edcbb6

f94a0020c6d039a0d9a531def8b152ee5a9500fd300259ba26cc935b3bedebe0

+ 273 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

n/a

Link:

https://tria.ge/reports/211124-zh55csdfck/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of NtCreateProcessExOtherParentProcess

Unpacked files

SH256 hash:

da5d4b4d6e9db446e95726c4118ad6b1155e6d6777e3d19f2ae192d12fa0c1d6

MD5 hash:

04bea4930be599343abb63924c39ca26

SHA1 hash:

d42b1d8b19b180ad4f72601ee2ca9984d03bf328

Detections:

win_emotet_a2

win_emotet_auto

Link:

https://www.unpac.me/results/d1031444-a408-4429-81f7-80dbb64a36cf/

SH256 hash:

edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752

MD5 hash:

cf346e278e8f2ee37d895d40a7d26511

SHA1 hash:

11c188efe2b629f662dc475a86e00c3fa4751b89

Link:

https://www.unpac.me/results/d1031444-a408-4429-81f7-80dbb64a36cf/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll edd93ebe989113ce36f1d02759f2e617d73169557dcb84163db91e5a14f9c752

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/209197/

URLhaus

https://urlhaus.abuse.ch/url/1813072/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample