MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b3b5a0f763692e182e4ec002a871aa61c91341a448dd3241ff7c5d0be094f66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b3b5a0f763692e182e4ec002a871aa61c91341a448dd3241ff7c5d0be094f66
SHA3-384 hash: 146c328a873536bc143beb200230098075b6832c4f043191e8fc325bc1508f211e4361574ce20d3cb80f6be79289620c
SHA1 hash: 6fd282da40d46a04125dff860dbcb2a62f8ecc80
MD5 hash: 38ceb2e939c695759fee04be07a7274a
humanhash: fish-nine-nitrogen-india
File name:2a286fe22d6b983430efd8f000f483d7
Download: download sample
Signature Gozi
Create hunting rule
File size:160'768 bytes
First seen:2020-11-17 12:29:54 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a9591dd47b1686df1607aa8d1830d44 (2 x Gozi)
ssdeep 3072:MHJNliq5dlZ/wfXehnO1WjnN0BDUGjgyUz7QwWcC/AOyO:mbD57Zy4OsjnNW4GjwkwW7obO
Threatray 1 similar samples on MalwareBazaar
TLSH F7F3D0016CFAB1FCD935987D84EC6BD62E49FE144B1CEF2B3F080ADAE5521461C652B8
Reporter seifreed
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Using the Windows Management Instrumentation requests
Launching a process
Creating a window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a file
Searching for the window
Deleting a recently created file
Result
Verdict:
0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b3b5a0f763692e182e4ec002a871aa61c91341a448dd3241ff7c5d0be094f66/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:32:26 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
defd6d5bb8cd5cbd01d7e805d2b0ae7d36a12da501e3dafd9a46baded1fe402d
Gozi
Result
Malware family:
gozi_ifsb
Create hunting rule
Score:
  10/10
Tags:
family:gozi_ifsb banker trojan
Link:
https://tria.ge/reports/201117-51zkwaxwpx/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
JavaScript code in executable
Gozi, Gozi IFSB
Unpacked files
SH256 hash:
1b3b5a0f763692e182e4ec002a871aa61c91341a448dd3241ff7c5d0be094f66
MD5 hash:
38ceb2e939c695759fee04be07a7274a
SHA1 hash:
6fd282da40d46a04125dff860dbcb2a62f8ecc80
Link:
https://www.unpac.me/results/ce856134-3c0d-449b-9b97-9f0d83072941/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments