Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    17-08-2021 18:39

General

  • Target

    119.exe

  • Size

    1.9MB

  • MD5

    7c7fec746b2fc47f631146706e822053

  • SHA1

    a2213b498c9c939c97b69de3d121cfa48c961073

  • SHA256

    7c48dedd2bff38bb1ff62ac75267827ca6bbe92297830569ec032b50ce5a103e

  • SHA512

    de66aba4b26c067451b800af6959c7a475f70f4e65483edd58453a95b40cd7734dd66bddbf2fc33b0135b869a056e52b2f3b34c37c69313f3433b4732674ace9

Malware Config

Extracted

  • Family
    sendsafe
  • Botnet
    UNREGISTERED
  • C2
    31.44.184.119:50033
    31.44.184.119:50034
  • Attributes
    service_name: Enterprise Mailing Service

Signatures

  • SendSafe

    SendSafe is a notorious spam tool that later turned into a spam botnet.

  • sendsafe 1 IoCs

    SendSafe Payload

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\119.exe
    "C:\Users\Admin\AppData\Local\Temp\119.exe"
    • Suspicious behavior: EnumeratesProcesses
    PID:1096

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1096-60-0x0000000075281000-0x0000000075283000-memory.dmp
    Filesize

    8KB

  • memory/1096-61-0x0000000001D50000-0x0000000001F02000-memory.dmp
    Filesize

    1.7MB

  • memory/1096-62-0x0000000000400000-0x00000000005EE000-memory.dmp
    Filesize

    1.9MB