emotet | 3717de2ca26b4eb2e7c80860192f43c58938a627101e34ed1573df5bf6188b31N[.]exe | Triage

Sharing

General

Target

3717de2ca26b4eb2e7c80860192f43c58938a627101e34ed1573df5bf6188b31N.exe
Size

88KB
MD5

c0947c3f5d586507e6ea4084e426a5c0
SHA1

dd3eb99deedc1347f34d0600f90ee333a3e77d3a
SHA256

3717de2ca26b4eb2e7c80860192f43c58938a627101e34ed1573df5bf6188b31
SHA512

5f04e7060f6c5b86d537c46d0a2d9b053273b739b2bb77a441c2ba6d7a76de887ac8037a1702871dad972adebc7f6abe9d9bfdc066fa864282b33a1931657fed
SSDEEP

768:4roILwnJs9IqHq32PZHSXqfMlklNTlGztWVyZywpo7c2A3hUiXS/TQXCePFzsucE:2TwuG8gq0liN00VWVpNUz/TArcxQH

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

Processes:

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3717de2ca26b4eb2e7c80860192f43c58938a627101e34ed1573df5bf6188b31N.exe

Files

3717de2ca26b4eb2e7c80860192f43c58938a627101e34ed1573df5bf6188b31N.exe
.dll windows:6 windows x86 arch:x86

8f9a124a88878ac62589c50d13924ff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

qsort
bsearch
wcslen

kernel32

VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
VirtualAlloc
VirtualProtect
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
IsBadReadPtr

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ