emotet | 8e5e6ea5df246081f26e257e791c290e41de9271aba9d3e11256c69969e7aee8N[.]exe | Triage

Sharing

General

Target

8e5e6ea5df246081f26e257e791c290e41de9271aba9d3e11256c69969e7aee8N.exe
Size

100KB
MD5

4e3cc32349384b5115a8572a57449890
SHA1

8a8e46c2bb958a25482e7f34d5cd6e8513ece75b
SHA256

8e5e6ea5df246081f26e257e791c290e41de9271aba9d3e11256c69969e7aee8
SHA512

e9bd45a37bb4a8f339540f27a5bbc296a888d957184764eb8e628de25c1d5eb9c5105159f34348b0ae14f710033ecb831a0213da43688a9da08adcbeb3dd0242
SSDEEP

1536:7nWZ2tuLReicV0j7GR2cLQ1RXNDBPDWqvbf2q8t:W2tHt0j7sLojRWqvF

Score

10^/10

trojan banker emotet

Malware Config

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e5e6ea5df246081f26e257e791c290e41de9271aba9d3e11256c69969e7aee8N.exe

Files

8e5e6ea5df246081f26e257e791c290e41de9271aba9d3e11256c69969e7aee8N.exe
.dll windows:6 windows x86 arch:x86

8f9a124a88878ac62589c50d13924ff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

qsort
bsearch
wcslen

kernel32

VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
VirtualAlloc
VirtualProtect
VirtualQuery
FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
IsBadReadPtr

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ