MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b648f76aaae28bfbe8e9e4be3db323aefd3933a60ad6ec4d1847b78d8282a3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b648f76aaae28bfbe8e9e4be3db323aefd3933a60ad6ec4d1847b78d8282a3f
SHA3-384 hash: 6caa77d260867bbb9a0beffd366ed76a1d97db97fbbb40ad65eff92df944f02d61c6d785d2804452b61162215f167ff4
SHA1 hash: c409ef66534c30cbf9bd5866fb6ef1bfca2935e9
MD5 hash: 8a523867c27c8ce224cc290c5de2f943
humanhash: charlie-stream-west-princess
File name:SecuriteInfo.com.Generic.mg.8a523867c27c8ce2.3709
Download: download sample
Signature Gozi
Create hunting rule
File size:1'246'170 bytes
First seen:2020-05-05 06:48:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01d7227a456fdf84e285a86508846da2 (5 x Gozi)
ssdeep 1536:PcBApELZHLAzOoTo1ZKrY73/iegaWpCcj7lUFQaL7YywBu3POPMrr:kFZHLAjT6ZUm6e0j7+FBo2POPG
Threatray 668 similar samples on MalwareBazaar
TLSH 2045AD053BA0953AE09515305256CE728622BD706B4B87DF336DFC0AF9713D2DC36AAB
Reporter SecuriteInfoCom
Tags:Gozi

Code Signing Certificate

Organisation:Datamean Technologies LTD
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Apr 10 00:00:00 2020 GMT
Valid to:Apr 10 23:59:59 2021 GMT
Serial number: 243F599AF4D8BC8D1B311431EA865223
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 373BC53FEA9266BCBBAFAA1F30345BB724D6598212BC2ED935214D4FFE81D281
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis20F04F0EE573.28740.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 07:35:47 UTC
File Type:
PE (Exe)
Extracted files:
25
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
23155ae9b7f7b7884dfdc820fd77f7600875dafcf39df4d941240f90fe06ae2d
Gozi
278e368f49b3dc5e72eb5c81abc8b379167ab4a1ef282c61485dccd5cbd12b8d
Gozi
30c57f5803c861c2d36fc003f855ee9857e4aebc864be6b9f898176f93e3cbd3
Gozi
562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824
Gozi
5804bc1b3709fb141a9886fded0f418553b8a4fb3fbafe8dcd7e7ede5cc55157
Gozi
6e079394b3a3085d572975115b334d813a79cd5833509b6afa45542687a5dfce
Gozi
89146747e32e3c641c05585ff782874aeca718398f189a7dc37dd0e9b55895a5
Gozi
9ee6e02a3e8070a4d501f7033f54d17781d2d4f43bf3b0717e15d63a1fa2e145
Gozi
b3080e3dea927ae5c6d02fad35de244bf93c1d2594ad0d8cfb3900aaaa014f30
Gozi
f6fc7442449ac48b039f5e29230bd26383b62bee2a050f5e81553755b69e6f25
Gozi
+ 658 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-y3er7e5sv6/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments