MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee972be50c5cbe8f04ca5648e6ea9cfabb897e38a9042e12e4280cc0e6905c8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Emotet (aka Heodo)


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee972be50c5cbe8f04ca5648e6ea9cfabb897e38a9042e12e4280cc0e6905c8f
SHA3-384 hash: c46e7f7e5e9036750205108aeef982a012fab39ad4110d2d6a42fa0517529465ecca3f202e4a5fb525381a050b3cccb9
SHA1 hash: b22d460716abc9e56f40b36b748f3f962dcd138d
MD5 hash: 7a57e5b735f35b5b60b84605591d2cc7
humanhash: summer-robert-uncle-orange
File name:7a57e5b735f35b5b60b84605591d2cc7.doc
Download: download sample
Signature Heodo
Create hunting rule
File size:105'617 bytes
First seen:2021-01-20 14:31:30 UTC
Last seen:Never
File type:Word file doc
MIME type:application/CDFV2
ssdeep 1536:+Yz6EYvgtCdOqbIoPaUtSPzPwFI7HvPxq4twtdARD3bNqfNpu39IId5a6XP3Mg8X:fR1qf69xak3MgxWP
TLSH 67A3388FE7A8D526D303467189F2FE842DA96C767A944C7319A2FE5F48FA4E0DC31610
Reporter abuse_ch
Tags:doc Emotet Heodo

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7a57e5b735f35b5b60b84605591d2cc7.doc
Verdict:
Malicious activity
Analysis date:
2021-01-20 14:50:34 UTC
Tags:
emotet-doc emotet
Link:
https://app.any.run/tasks/765cb760-b79b-482a-a37c-6cf551240973

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Legit
File type:
application/msword
Has a screenshot:
False
Contains macros:
False
Result
Verdict:
MALICIOUS
Details
Macro Execution Coercion
Detected a document that appears to social engineer the user into activating embedded logic.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee972be50c5cbe8f04ca5648e6ea9cfabb897e38a9042e12e4280cc0e6905c8f/
Threat name:
Document-Office.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2021-01-20 14:32:06 UTC
AV detection:
8 of 45 (17.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=52lsxzimls7i6bgkkzeon2u47k5ys7ryvecc4exefagmbzuqlshq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
macro ransomware xlm
Link:
https://tria.ge/reports/210120-p9r8c75jpn/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Enumerates system info in registry
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Emotet
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee972be50c5cbe8f04ca5648e6ea9cfabb897e38a9042e12e4280cc0e6905c8f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Heodo

Word file doc ee972be50c5cbe8f04ca5648e6ea9cfabb897e38a9042e12e4280cc0e6905c8f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/599808/
  
Delivery method
Distributed via web download

Comments