emotet | 712360d329726db960b735a9ea26c1faaab33b2e4b8e0b567d61adb41e006badN[.]exe | Triage

Sharing

General

Target

712360d329726db960b735a9ea26c1faaab33b2e4b8e0b567d61adb41e006badN.exe
Size

58KB
MD5

3e53903152b934f8b0ad00c5d3c71310
SHA1

5609a49295ad3f5a50d3ad072ffcfb13700868c1
SHA256

712360d329726db960b735a9ea26c1faaab33b2e4b8e0b567d61adb41e006bad
SHA512

07d765b268cb1635e9b2eb14ed404cc384cf656bf6372811310489b942eb73331204e2a0f65afcfa769054ae51d2cca9dd1ade92cd032dfab67b7a4492d2f403
SSDEEP

768:jLo2dWDyLid06+Z3ZMUS7m/yAclFYR7AvUfJ1JP2knnPxCUrtd:fnWeM0pouqlXYREcfJb2knnQUr

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
712360d329726db960b735a9ea26c1faaab33b2e4b8e0b567d61adb41e006badN.exe

Files

712360d329726db960b735a9ea26c1faaab33b2e4b8e0b567d61adb41e006badN.exe
.dll windows:6 windows x86 arch:x86

8f9a124a88878ac62589c50d13924ff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

qsort
bsearch
wcslen

kernel32

VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
VirtualAlloc
VirtualProtect
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
IsBadReadPtr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ