sendsafe | a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5 | Triage

Analysis

max time kernel
139s
max time network
153s
platform
windows7_x64
resource
win7-20220414-en
submitted
25-05-2022 00:06

Sharing

Report Analysis Logs

General

Target

a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
Size

2.1MB
MD5

9de8c58bce50d47be7ac227d4c0b1d57
SHA1

dc0aa1bf3ef425b40df474a3b7f49dbfe55950fc
SHA256

a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5
SHA512

469655b3a0bea6d160e02a291a9aef22d137e6e68bab12c8b5a2c94e33e40c25d11bc1946dc26aeda592af525103009b868556968ca2b656ac601626dcdaee78

Score

10^/10

sendsafe unregistered botnet spam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.131:50011

91.220.131.131:50012

Attributes

service_name
Enterprise Mailing Service

Signatures

SendSafe
SendSafe is a notorious spam tool which then turned into spam botnet.
spam botnet sendsafe

SendSafe Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1776-55-0x0000000000400000-0x0000000000731000-memory.dmp	sendsafe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe

pid process

1776 a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe

C:\Users\Admin\AppData\Local\Temp\a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe
"C:\Users\Admin\AppData\Local\Temp\a19c22925856b0bae305967ac13e35babf31bd59c7e03662b71126f56ba041a5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1776-54-0x0000000000BC0000-0x0000000000DBD000-memory.dmp

Filesize
2.0MB

Download
memory/1776-55-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download