Overview

overview

10

Static

static

1

502a0e6850...44.exe

windows7-x64

10

502a0e6850...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

  • Size

    943KB

  • Sample

    220719-leb58aahe5

  • MD5

    8e048607275f42adff61e4adfee9df0c

  • SHA1

    e371fddeb36b88381a7670a5fd32f6a0567d9124

  • SHA256

    502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

  • SHA512

    0841226e5ed67a608047404b56f1ec97192bc446a06757b2bdc2c3bf9f7cfa3b9325bb9eb56cc81a30d289ce8624980ef752d1612a1ada53182575e404b1c00f

Score
10/10
sendsafeunregisteredbotnetspam

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.43:50003

91.220.131.43:50004
Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

    • Size

      943KB

    • MD5

      8e048607275f42adff61e4adfee9df0c

    • SHA1

      e371fddeb36b88381a7670a5fd32f6a0567d9124

    • SHA256

      502a0e685078b5c44fd566ea2f14c7f998fbb1d04f6527a5c289bc661e6b9944

    • SHA512

      0841226e5ed67a608047404b56f1ec97192bc446a06757b2bdc2c3bf9f7cfa3b9325bb9eb56cc81a30d289ce8624980ef752d1612a1ada53182575e404b1c00f

    Score
    10/10
    sendsafeunregisteredbotnetspam

    • SendSafe

      SendSafe is a notorious spam tool which then turned into spam botnet.

      spambotnetsendsafe

    • SendSafe payload

      botnet

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks