Analysis
-
max time kernel
151s -
max time network
157s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
17-08-2021 18:39
Static task
static1
Behavioral task
behavioral1
Sample
119.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
119.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
-
Target
119.exe
-
Size
1.9MB
-
MD5
7c7fec746b2fc47f631146706e822053
-
SHA1
a2213b498c9c939c97b69de3d121cfa48c961073
-
SHA256
7c48dedd2bff38bb1ff62ac75267827ca6bbe92297830569ec032b50ce5a103e
-
SHA512
de66aba4b26c067451b800af6959c7a475f70f4e65483edd58453a95b40cd7734dd66bddbf2fc33b0135b869a056e52b2f3b34c37c69313f3433b4732674ace9
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.119:50033
31.44.184.119:50034
Attributes
-
service_name
Enterprise Mailing Service
Signatures
-
resource yara_rule behavioral2/memory/808-115-0x0000000000400000-0x00000000005EE000-memory.dmp sendsafe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 808 119.exe 808 119.exe