MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16e5ddfcf4902431e2566a2a04424e1b0236d2958647bd57b7075be0013c3de1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16e5ddfcf4902431e2566a2a04424e1b0236d2958647bd57b7075be0013c3de1
SHA3-384 hash: d30bd71d86e527ccc4224c2e7c983e207ffdcde3282e481c9fc84c59631df2dce792c7aed866a62abd3e7cae026ad60f
SHA1 hash: e04b18bbc023bd32df83166046b79c26287b57dc
MD5 hash: 58235615794a661013ea23da827faaac
humanhash: oklahoma-uniform-hamper-vegan
File name:SecuriteInfo.com.Trojan.Dridex.704.8586.7501
Download: download sample
Signature Gozi
Create hunting rule
File size:662'528 bytes
First seen:2020-06-02 21:30:57 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 9b6633e85c68c0277bf2da68b640f509 (15 x Gozi, 2 x ZLoader)
ssdeep 12288:yFyxomntU5cu7cGDD+pJ7ZwwF3E+pgkbRzFyWBaobi/jDnQAVVR/VUR:yFyxomntU5dapcuxpgaHmPjVR/VU
Threatray 69 similar samples on MalwareBazaar
TLSH CDE4BE05B791D038F9B726F98EBEA1B8943D7DA05B2494CB23C41AEF55246F1AC30727
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Dridex.704.8586.7501.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 21:35:28 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
01173873e92d5dd520fa88e8587ec05c92e3f36f6136b8ff50fd1b0b13df1401
Gozi
106e4f35cac5e72d0ff42e92e5b0fe1ebdb5cf31aa9ae9fa18073c924ec0e635
Gozi
1b4e008beb2b395e53648c9a246ecafcb3df0543c5236a40cdb976a2007bbf97
Gozi
26625bd8081701ab5a248b4f6e726cd5ef07b43c817e5499b766f89980532952
Gozi
8564809c3aaa8e94463ec9ac0fb4e51c52c5e57a25ea09a997258184c656389a
Gozi
8914aa5433f7284881402dc27336d96baa74c6e7ce16f28531bb917c1dfa3e0f
Gozi
8e0238b207985132e60e6f5bc764a6756bce554f9c27b922f1d7e40950a3bbdc
Gozi
b580afe615e4e13cffbcd130379521dcfdd89c2b36a0ab1d4b5fef98814b141e
Gozi
bd0d1a5cc00640c72a4581df4d4c86caa627b07f1b8931920b9742855db35851
Gozi
f54d245e7fdffb4b6886f2e68c401c4afde2637359aa5f0fb2b1a1c2eadde6c3
Gozi
+ 59 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet trojan
Link:
https://tria.ge/reports/201109-jthffnthtn/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments