MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
SHA3-384 hash: fce6ddfe86112c0cc98fab34d42dff56d75f74ea34ccbb4f062b7c5c5565ad5a31bc0457dca58389c48ef1400518b1e3
SHA1 hash: 2506fb0f8e03108b5e4ee4555e6d9f309f4f8936
MD5 hash: 96ede22c743f990a839949fb3edd381b
humanhash: burger-cardinal-virginia-nebraska
File name:SecuriteInfo.com.Win32.GenKryptik.EGOC.23827
Download: download sample
Signature Gozi
Create hunting rule
File size:542'208 bytes
First seen:2020-03-18 23:41:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 26e34cf36a6751e2ee3b24f776d677bf (2 x Gozi)
ssdeep 12288:uMFaRxiRVw4GEBkvkNbBUT29aCBYC8Hc/sdL9nHGqxHZC5g:uMkxh49kvkNbHCW0d5HG0Ce
Threatray 105 similar samples on MalwareBazaar
TLSH 31B4BF107BA0E036F0F65AB99E76D3B8462D3E909B3480CB31D56EDB52782E69D30717
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.GenKryptik.EGOC.23827.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 01:41:06 UTC
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
29bf6be1fa9e4b72bb9e2eeb8156ea1c03311d157d1bb28a0cea1328c6fd473d
Gozi
81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f
Gozi
8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1
Gozi
8d85f53634baffb8ccd9907595a253fff4542f33b158e8a57223c5ff51dfa1d3
Gozi
bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342
Gozi
bc2cea17da33c23edbb0c86ab00b3ec3b4a2f4da84fb075922e41b7bf6b654f0
Gozi
cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e
Gozi
d60dc6965f6d68a3e7c82d42e90bfda7ad3c5874d2c59a66df6212aef027b455
Gozi
edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
Gozi
fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511
Gozi
+ 95 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

DLL dll 15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/326562/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
KERNEL32.dll::GetTempPathA

Comments