Analysis
max time kernel: 150s
max time network: 174s
platform: windows7_x64
resource: win7v20210408
submitted: 05-10-2021 17:36
Static task: static1

Behavioral task: behavioral1
Sample: 179.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 179.exe
Resource: win10-en-20210920 (windows10_x64)
0 signatures, 0 seconds

General
Target: 179.exe
Size: 1.9MB
MD5: 4806ae57cd7d3b3a538e36a99674dab9
SHA1: 7c2f8324f05c80dc7de4226848b82b6a200e94ea
SHA256: 6b9f4586110bd5bc342318e6e73a21fd288afd670be55d9807ba7ec5b89c379d
SHA512: 8bfcee127ca030d434f1fad39aec9fc08e8266099c8dcba74099274dfc61339ca0c4473c209a63748ed138fda8d3e60920193d4a79d537ae1ef9206fb4f8f937
Score: 10/10

Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.179:50065
31.44.184.179:50066
Attributes
service_name: Enterprise Mailing Service

Signatures

SendSafe Payload (1 IoCs)
Processes:
resource: behavioral1/memory/1972-60-0x0000000000400000-0x00000000005EA000-memory.dmp
yara_rule: sendsafe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
179.exe
pid: 1972, process: 179.exe