sendsafe | a0c2f11617206b674b728d12b9a6f8e0c16ccaa633e3d21dc051733a65564827 | Triage

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-en-20211014
submitted
19-10-2021 17:19

Sharing

Report Analysis Logs

General

Target

79.exe
Size

1.8MB
MD5

657ce5ecaa9fa76d02a1a246bd0a585e
SHA1

6215082020db55ed27551ce11e78bee29f6475f2
SHA256

a0c2f11617206b674b728d12b9a6f8e0c16ccaa633e3d21dc051733a65564827
SHA512

4cf4ccb338e22ee8e69c0c50aae44dbb68421f3834796272ca1afa7b7a19cf1d522ebea79b79754e3d066e0b941159be364bb0f2de645c6052cf6f809c9e5810

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.79:50071

31.44.184.79:50072

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1684-55-0x0000000000400000-0x00000000005D8000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

79.exe

pid process

1684 79.exe

C:\Users\Admin\AppData\Local\Temp\79.exe
"C:\Users\Admin\AppData\Local\Temp\79.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1684-55-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download
memory/1684-54-0x0000000002030000-0x00000000021E2000-memory.dmp

Filesize
1.7MB

Download