sendsafe | 7ff200e60567310e60ee9e6e94cfea71058a648b81c757f2841b243fd4102279 | Triage

Analysis

max time kernel
150s
max time network
194s
platform
windows7_x64
resource
win7v20210408
submitted
29-09-2021 14:17

Sharing

Report Analysis Logs

General

Target

79.exe
Size

1.9MB
MD5

5750a2f99d01b109567946629a2a0c6f
SHA1

37a34e3d50dca788fba8920f89cfe646bfad58cc
SHA256

7ff200e60567310e60ee9e6e94cfea71058a648b81c757f2841b243fd4102279
SHA512

f903c25a6e4f855177e730500537c48d4c094d6ef2023854512a79db64a2a297eeba15fed01e296de69e5bdd6959718f53d07fcabe643f6f6b6e0526bdfeb469

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.79:50063

31.44.184.79:50064

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

sendsafe 1 IoCs

SendSafe Payload

Processes:

resource	yara_rule
behavioral1/memory/1240-60-0x0000000000400000-0x00000000005EA000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

79.exe

pid process

1240 79.exe

C:\Users\Admin\AppData\Local\Temp\79.exe
"C:\Users\Admin\AppData\Local\Temp\79.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1240-60-0x0000000000400000-0x00000000005EA000-memory.dmp

Filesize
1.9MB

Download
memory/1240-59-0x0000000001E80000-0x0000000002032000-memory.dmp

Filesize
1.7MB

Download