emotet | 06c6442d5bb110140ac1cdbcf1be52388441b9a0750d59b743acc6b52d19582b_dump7_0x00400000 | Triage

Sharing

Copy URL Twitter E-mail

Reason

config extraction: Emotet2: emotet2: invalid pubkey length

General

Target

06c6442d5bb110140ac1cdbcf1be52388441b9a0750d59b743acc6b52d19582b_dump7_0x00400000
Size

68KB
MD5

0b2c74b03497a42190ad18f92e88fca7
SHA1

a53dc0f1f2cbacdde6e11efc564ddbea5fcbc33a
SHA256

e13dab944777cef591732f27a53c16d79288215d4e802fa5cf02794aaf8b4092
SHA512

227c9966769ea5fd3f61f3ec2e6daeac018022e5ee481555c68b2a885b29e9907c3198670b387422aad0d231fe4523d6a0133bd908027d7b26ec19e31a25484c
SSDEEP

1536:P+MPwg0GwVdaT1mgojaAhB3w7EHEFkb3iRPd0bC:+GhBmge30p2W7

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Files

06c6442d5bb110140ac1cdbcf1be52388441b9a0750d59b743acc6b52d19582b_dump7_0x00400000
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ