sendsafe | 24f77e925ecd537408005b80e69166b7182ab6a39d5b85248983e8bad794378b | Triage

Submit
Reports

Overview

overview

Static

static

3

25bcd6060e...18.exe

windows7-x64

25bcd6060e...18.exe

windows10-2004-x64

Sharing

General

Target

25bcd6060ef04d6b9f5bbf87b5438493_JaffaCakes118
Size

1.9MB
Sample

240508-t26mcade9z
MD5

25bcd6060ef04d6b9f5bbf87b5438493
SHA1

aa0d64a590db8a3082a62c0d8be746474da462db
SHA256

24f77e925ecd537408005b80e69166b7182ab6a39d5b85248983e8bad794378b
SHA512

36a98ca9cfbdb219a3f1d12fab873d5a4ec3ee946794b2ca9c94f6dc84799235b89d2dac60b0a011e2094b1298ab3427d4b139efed7dd17afb90fcf339db8b5a
SSDEEP

24576:r4AYYZY9ECkNyvJO8KubK0gull1sURO1d3aoburqG+859oXZpcF+Wsm8Gjs1hsgz:re9El00uu0xlbp8T3aobqcJudMPPWa

Score

10^/10

sendsafe unregistered botnet spam

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25bcd6060ef04d6b9f5bbf87b5438493_JaffaCakes118.exe

Resource

win7-20240221-en

sendsafe unregistered botnet spam

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

25bcd6060ef04d6b9f5bbf87b5438493_JaffaCakes118.exe

Resource

win10v2004-20240226-en

sendsafe unregistered botnet spam

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.44.184.68:50007

31.44.184.68:50008

Attributes

service_name
Enterprise Mailing Service

Targets

- Target
  
  25bcd6060ef04d6b9f5bbf87b5438493_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  25bcd6060ef04d6b9f5bbf87b5438493
- SHA1
  
  aa0d64a590db8a3082a62c0d8be746474da462db
- SHA256
  
  24f77e925ecd537408005b80e69166b7182ab6a39d5b85248983e8bad794378b
- SHA512
  
  36a98ca9cfbdb219a3f1d12fab873d5a4ec3ee946794b2ca9c94f6dc84799235b89d2dac60b0a011e2094b1298ab3427d4b139efed7dd17afb90fcf339db8b5a
- SSDEEP
  
  24576:r4AYYZY9ECkNyvJO8KubK0gull1sURO1d3aoburqG+859oXZpcF+Wsm8Gjs1hsgz:re9El00uu0xlbp8T3aobqcJudMPPWa
Score

10^/10

sendsafe unregistered botnet spam
- SendSafe
  SendSafe is a notorious spam tool which then turned into spam botnet.
  spam botnet sendsafe
- SendSafe payload
  botnet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

sendsafeunregisteredbotnetspam

behavioral2

sendsafeunregisteredbotnetspam

© 2018-2024

Terms | Privacy