MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211
SHA3-384 hash: a1460f880dc232a1f25ffd64000aa977a62346a8ceb5f0c7776b00a43888ba944df6c523dc341e6fc14385bfcd375eeb
SHA1 hash: 7a2eeacb8f8167647759a10d4686d92810d53024
MD5 hash: ec7c1f9960dae10f6c7970c54e7cfd88
humanhash: beryllium-cold-asparagus-december
File name:5f044c8e2c2d0.dll
Download: download sample
Signature Gozi
Create hunting rule
File size:229'376 bytes
First seen:2020-07-07 10:24:47 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f8bd347e1457e9c80413fc0c48646be6 (1 x Gozi)
ssdeep 3072:eYlcmXw47bbGEVmHDy6cK2GXvzIXiF0iNjAmIEBi2Z1PgWXI4ZhdzdRrv2Q1TX+6:JTRzeDy6cu/zIriRod+ddv2QBoE
Threatray 724 similar samples on MalwareBazaar
TLSH 1424D1212F66887EF29B0B3E483A82718559FEC91D34D4E721E2968F06771D7C1B9F09
Reporter JAMESWT_WT
Tags:dll Gozi isfb Ursnif

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22234/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Wacatac.10473.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Creating a window
Searching for the window
DNS request
Detection:
isfb
Create hunting rule
Link:
https://mwdb.cert.pl/sample/1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 10:26:05 UTC
File Type:
PE (Dll)
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cadvhacqvexqpur2yk7gsvxvo7572rmtqfavwqfdwu5xsstnkiiq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4
Gozi
34fd926b213a1c5726124dff74dbf69c731f8e823168d17cc1c9448501ed314f
Gozi
54605638380151e63c23aa77cb6ecf309fb943eb9f7e4d96c1dce197c2bddf21
Gozi
77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b
Gozi
8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2
Gozi
d5b2b88dab809a7cc7688d6358c2b2d78b0f5278c72226f79673fce1bfe3aafa
Gozi
dc0df8f5ee0e898e069643a84cbc8154d6191f081665e245f1a9e2085028062f
Gozi
f2f44eec27272e3c0005982960896ab57da9a745ab2d4a1249da3fc8eddfad30
Gozi
f53226476a8190fb69a366544e4f394e50e487c429977165a5efdd9e1dbec83e
Gozi
fb75efa8434d35a049d6608b6534df5c0716d33eb373f63cda5333796e16f1ec
Gozi
+ 714 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Create hunting rule
Score:
  10/10
Tags:
banker trojan family:gozi_ifsb
Link:
https://tria.ge/reports/200707-jkbvdkmd5e/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Modifies Internet Explorer settings
Gozi, Gozi IFSB
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/22234/

Comments