emotet | NEAS[.]667c2b36c909237bf1c8554f82c72550[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.667c2b36c909237bf1c8554f82c72550.exe
Size

64KB
MD5

667c2b36c909237bf1c8554f82c72550
SHA1

e8e04fad0d23214d875f4797bf6784667cc0fd3f
SHA256

84df28acc1db02d1ef9b83a71fdfa5372baf6de397c0ecab10fd00b322e34536
SHA512

ee91ff4e0d71cf2f7c509250ddc0cbc84f8d0202a8bb6e18c767d815da80725965d961dec0fb4315e5877f7247e6e88d315f48dfebc7568f3e518d53ee214824
SSDEEP

768:nfukIKii5557ebzNOgCz4yNXzNu8Ozc5Y98mcCY1YNmWN6kX7G+SBq:MXyNXIzc5m8mcRYNlN6S7GvBq

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.667c2b36c909237bf1c8554f82c72550.exe

Files

NEAS.667c2b36c909237bf1c8554f82c72550.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ