emotet | 774b8b68dba141e5e6b32e566a7d5b4d4fce65572f706951d648656cac82b275 | Triage

Sharing

General

Target

774b8b68dba141e5e6b32e566a7d5b4d4fce65572f706951d648656cac82b275
Size

349KB
MD5

ea460a1279e9d1a68c779d84af0fc8e6
SHA1

00bc9afeaf55b5dc19fdd982d24439f094d450b2
SHA256

774b8b68dba141e5e6b32e566a7d5b4d4fce65572f706951d648656cac82b275
SHA512

444fb0ad0ec94330142b4d4018fa5280109716bd57eded002fe9a2e20ce2a441012ce6195c4bf3e8abdba0491955889746fec0263289d45bf7d56273d914fa8c

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet Payload 1 IoCs
Detects Emotet payload in memory.
trojan banker

Processes:

resource yara_rule

sample emotet
Emotet family
emotet

Files

774b8b68dba141e5e6b32e566a7d5b4d4fce65572f706951d648656cac82b275
.exe windows x86

8f9a124a88878ac62589c50d13924ff4

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

qsort
bsearch
wcslen

kernel32

VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
VirtualAlloc
VirtualProtect
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
IsBadReadPtr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ