emotet | b99ae45c7731a0182fa7be4fd2c65583e6325ef1f3eb0a29b77d8bcffa53b312 | Triage

Sharing

General

Target

b99ae45c7731a0182fa7be4fd2c65583e6325ef1f3eb0a29b77d8bcffa53b312
Size

57KB
MD5

7f87083b1010ecfe9ba64d1ff1fb2a98
SHA1

70f95f3ddb343f2b4e5b5548473e1052ce8a6470
SHA256

b99ae45c7731a0182fa7be4fd2c65583e6325ef1f3eb0a29b77d8bcffa53b312
SHA512

a1c060690f71a085eea450cc08dcc6f38c8d6537ecfe5b008d85547aa45174b6b1490d480358c6cfbbf21534d67f87cbfb43064ef712f6be86fd9ba73f750db3
SSDEEP

768:qLo2dWD44TAjkyUEfZGvPpNPqzvuhR/2Q293H7lbqne6ZlOS/1XlkcROFsNjb23:AnW0YpEfoHpNSzvuhk9XxMe6/tXlLdb

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b99ae45c7731a0182fa7be4fd2c65583e6325ef1f3eb0a29b77d8bcffa53b312

Files

b99ae45c7731a0182fa7be4fd2c65583e6325ef1f3eb0a29b77d8bcffa53b312
.dll windows:6 windows x86 arch:x86

8f9a124a88878ac62589c50d13924ff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

qsort
bsearch
wcslen

kernel32

VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
VirtualAlloc
VirtualProtect
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
IsBadReadPtr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ