General

  • Target

    69a529e1280b2500363660685afdd98dece5d948df514bd7334bc42535ede785

  • Size

    1.8MB

  • Sample

    220520-gmcdqsfhbn

  • MD5

    c3e919a78e5d63cacfe13da2bbb506b0

  • SHA1

    9d4605096b01b58c5bea4011205c43efd39d9e0f

  • SHA256

    69a529e1280b2500363660685afdd98dece5d948df514bd7334bc42535ede785

  • SHA512

    679475d76633b9df934185763e8ae1c1d9127d3df7f69d3e1e1697f2e7f171863a4ace62965ce30627f40ec61099f24e8402a6492c28765615ec5604229c908d

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.67:50027

31.44.184.67:50028

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • SendSafe

      SendSafe is a notorious spam tool that later turned into a spam botnet.

    • SendSafe Payload
