sendsafe | ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358 | Triage

Analysis

max time kernel
4294203s
max time network
149s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 11:42

Sharing

Report Analysis Logs

General

Target

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
Size

1.7MB
MD5

8ad1d303eb8cd37ccd68916bb007cc8a
SHA1

db4f8e16d7c1fa6c9a2aa92bb8be72e7bd7db000
SHA256

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358
SHA512

dd6affd15b225886e9abf0d1d03978c0b8d856a387992cdce293a7b3d521574fd792b6321740e0c3b499fcacb6d0d67d33b1b46044b0a3e3b036d86de8f98e60

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

195.2.240.119:50099

195.2.240.119:50100

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1656-56-0x0000000000400000-0x00000000005C9000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe

pid process

1656 ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe

C:\Users\Admin\AppData\Local\Temp\ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe
"C:\Users\Admin\AppData\Local\Temp\ece78097b518756e973a2183e2c5075f1c1133b6abaf1d34b5dec39a6285f358.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1656-55-0x00000000020F0000-0x00000000022A2000-memory.dmp

Filesize
1.7MB

Download
memory/1656-56-0x0000000000400000-0x00000000005C9000-memory.dmp

Filesize
1.8MB

Download