Analysis
max time kernel: 151s
max time network: 152s
platform: windows10_x64
resource: win10-en-20210920
submitted: 19-10-2021 17:15
Static task
static1
Behavioral task
behavioral1
Sample: 179.exe
Resource: win7-en-20211014, windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample: 179.exe
Resource: win10-en-20210920, windows10_x64
0 signatures
0 seconds
General
Target: 179.exe
Size: 1.8MB
MD5: 26b3b8a5a8fb3c0acde4f567ee0685b3
SHA1: ca20c59d7bfd08dc153df6449c66dbc3966aa021
SHA256: 41b3e54c6f6ce38b6f7d4a46d9f31cf239f8139fa1dbfd1a8099ac327c0672cb
SHA512: e26c790209fc060539e527d2dc1280ab72bc1681169e7c9ffd6d7494f4bfd9869810af46ed18d4da216e710cfb52f4923e74f90256f1bfbe51b580bf8dcbc067
Score: 10/10
Malware Config
Extracted
Family: sendsafe
Botnet: UNREGISTERED
C2:
31.44.184.179:50071
31.44.184.179:50072
Attributes
service_name: Enterprise Mailing Service
Signatures
SendSafe Payload (1 IoCs)
Processes:
resource: behavioral2/memory/1812-116-0x0000000000400000-0x00000000005D8000-memory.dmp
yara_rule: sendsafe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
179.exe
pid    process
1812   179.exe
1812   179.exe