sendsafe | 7c48dedd2bff38bb1ff62ac75267827ca6bbe92297830569ec032b50ce5a103e | Triage

Analysis

max time kernel
151s
max time network
157s
platform
windows10_x64
resource
win10v20210408
submitted
17-08-2021 18:39

Sharing

Report Analysis Logs

General

Target

119.exe
Size

1.9MB
MD5

7c7fec746b2fc47f631146706e822053
SHA1

a2213b498c9c939c97b69de3d121cfa48c961073
SHA256

7c48dedd2bff38bb1ff62ac75267827ca6bbe92297830569ec032b50ce5a103e
SHA512

de66aba4b26c067451b800af6959c7a475f70f4e65483edd58453a95b40cd7734dd66bddbf2fc33b0135b869a056e52b2f3b34c37c69313f3433b4732674ace9

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.119:50033

31.44.184.119:50034

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

sendsafe 1 IoCs

SendSafe Payload

Processes:

resource	yara_rule
behavioral2/memory/808-115-0x0000000000400000-0x00000000005EE000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

119.exe

pid process

808 119.exe
808 119.exe

C:\Users\Admin\AppData\Local\Temp\119.exe
"C:\Users\Admin\AppData\Local\Temp\119.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-114-0x00000000023A0000-0x0000000002552000-memory.dmp

Filesize
1.7MB

Download
memory/808-115-0x0000000000400000-0x00000000005EE000-memory.dmp

Filesize
1.9MB

Download