sendsafe | 41b3e54c6f6ce38b6f7d4a46d9f31cf239f8139fa1dbfd1a8099ac327c0672cb | Triage

Analysis

max time kernel
151s
max time network
152s
platform
windows10_x64
resource
win10-en-20210920
submitted
19-10-2021 17:15

Sharing

Report Analysis Logs

General

Target

179.exe
Size

1.8MB
MD5

26b3b8a5a8fb3c0acde4f567ee0685b3
SHA1

ca20c59d7bfd08dc153df6449c66dbc3966aa021
SHA256

41b3e54c6f6ce38b6f7d4a46d9f31cf239f8139fa1dbfd1a8099ac327c0672cb
SHA512

e26c790209fc060539e527d2dc1280ab72bc1681169e7c9ffd6d7494f4bfd9869810af46ed18d4da216e710cfb52f4923e74f90256f1bfbe51b580bf8dcbc067

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.179:50071

31.44.184.179:50072

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1812-116-0x0000000000400000-0x00000000005D8000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

179.exe

pid process

1812 179.exe
1812 179.exe

C:\Users\Admin\AppData\Local\Temp\179.exe
"C:\Users\Admin\AppData\Local\Temp\179.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1812-115-0x0000000002360000-0x0000000002512000-memory.dmp

Filesize
1.7MB

Download
memory/1812-116-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download