Analysis
max time kernel
152s
max time network
153s
platform
windows7_x64
resource
win7v20210408
submitted
29-09-2021 14:17
Static task
static1
Behavioral task
behavioral1
Sample
91.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
91.exe
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
Target
91.exe
Size
1.9MB
MD5
b8f94c85cd5d1c37e884b016f3266586
SHA1
8f51937fdb353334cd457800c99d859dd4562cb0
SHA256
9a58ba68212ccfc1679461328b83bf6674bcc6a310d70f40ac62133dc1e34f9d
SHA512
15eefe7cd210826e2d2ef349ee92282838c7fbe5dca37c0fcf6d592d42163847afec4533853214a8aaf7bc930b9b451a1bf10fc00b403abd810c21a24ffd371c
Score
10/10
Malware Config
Extracted
Family
sendsafe
Botnet
UNREGISTERED
C2
31.44.184.91:50063
31.44.184.91:50064
Attributes
service_name
Enterprise Mailing Service
Signatures
Processes:
resource yara_rule
behavioral1/memory/108-61-0x0000000000400000-0x00000000005EA000-memory.dmp sendsafe
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
91.exe
pid process
108 91.exe