sendsafe | 5839f634f394ae2780b42f8fafb36a8fb452c853cf8ae160725bcd9acec60fdf | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10_x64
resource
win10-en-20210920
submitted
05-10-2021 17:35

Sharing

Report Analysis Logs

General

Target

119.exe
Size

1.9MB
MD5

5ccc9d91153304f7cfca984270a74e6d
SHA1

3718f5677d7c4a8fb09a65862691ba370b84cb56
SHA256

5839f634f394ae2780b42f8fafb36a8fb452c853cf8ae160725bcd9acec60fdf
SHA512

40671e882cb91a82e4960ba303bb1be03077291dd68c0afb86704df1d20ea732b3917086261cc46b8270bc324c4c8044a5e18adafe4badc6e77ca4c5a121b5d5

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.119:50065

31.44.184.119:50066

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2384-116-0x0000000000400000-0x00000000005EA000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

119.exe

pid process

2384 119.exe
2384 119.exe

C:\Users\Admin\AppData\Local\Temp\119.exe
"C:\Users\Admin\AppData\Local\Temp\119.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2384-115-0x0000000002400000-0x00000000025B2000-memory.dmp

Filesize
1.7MB

Download
memory/2384-116-0x0000000000400000-0x00000000005EA000-memory.dmp

Filesize
1.9MB

Download