sendsafe | 48d0e0d078cf974050b177c18d5f805ca0ad916a37ee15573fc4328da613d84e | Triage

Analysis

max time kernel
142s
max time network
145s
platform
windows10_x64
resource
win10-en-20210920
submitted
28-10-2021 13:06

Sharing

Report Analysis Logs

General

Target

79.exe
Size

1.8MB
MD5

b062ac64f0dd8e1812478b6d3dc163b8
SHA1

b294106c1d49b71d9b550f657553e9a5c096985a
SHA256

48d0e0d078cf974050b177c18d5f805ca0ad916a37ee15573fc4328da613d84e
SHA512

57e97346704284b5b188b25277f3e5a4f83a9b4dc5d962adbb60dbb9b3606cd649ac8a07d66bcef89a9f4cc6384fb2259582d6a1559d171391f7b9d6ce7f54ce

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.79:50073

31.44.184.79:50074

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/420-116-0x0000000000400000-0x00000000005D8000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

79.exe

pid process

420 79.exe
420 79.exe

C:\Users\Admin\AppData\Local\Temp\79.exe
"C:\Users\Admin\AppData\Local\Temp\79.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/420-115-0x00000000022E0000-0x0000000002492000-memory.dmp

Filesize
1.7MB

Download
memory/420-116-0x0000000000400000-0x00000000005D8000-memory.dmp

Filesize
1.8MB

Download