MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30c57f5803c861c2d36fc003f855ee9857e4aebc864be6b9f898176f93e3cbd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30c57f5803c861c2d36fc003f855ee9857e4aebc864be6b9f898176f93e3cbd3
SHA3-384 hash: 659eb4ee9169594a2e3f0666ff574129d08c54b37df00e7af0d452c126a5536522767fd76eb4d1d91b701551ca329e7d
SHA1 hash: 323230c722a536f19b518fb7e06b171f0f2aaad2
MD5 hash: 56bfc86d37cf08093ba1679344213040
humanhash: robert-one-diet-kentucky
File name:56bfc86d37cf08093ba1679344213040.exe
Download: download sample
Signature Gozi
Create hunting rule
File size:1'246'203 bytes
First seen:2020-05-05 07:18:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01d7227a456fdf84e285a86508846da2 (5 x Gozi)
ssdeep 1536:PcBApELZHLAzOoTo1ZKrY73/iegaWpCcj7lUFQaL7YywBu3POPMrr:kFZHLAjT6ZUm6e0j7+FBo2POPG
Threatray 668 similar samples on MalwareBazaar
TLSH A645AD053BA0953AE09515305256CE728622BD706B4B87DF336DFC0AF9713D2DC36AAB
Reporter abuse_ch
Tags:exe Gozi isfb Ursnif

Code Signing Certificate

Organisation:Datamean Technologies LTD
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Apr 10 00:00:00 2020 GMT
Valid to:Apr 10 23:59:59 2021 GMT
Serial number: 243F599AF4D8BC8D1B311431EA865223
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 373BC53FEA9266BCBBAFAA1F30345BB724D6598212BC2ED935214D4FFE81D281
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis20F04F0EE573.28740.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 08:49:00 UTC
File Type:
PE (Exe)
Extracted files:
25
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
23155ae9b7f7b7884dfdc820fd77f7600875dafcf39df4d941240f90fe06ae2d
Gozi
278e368f49b3dc5e72eb5c81abc8b379167ab4a1ef282c61485dccd5cbd12b8d
Gozi
2b648f76aaae28bfbe8e9e4be3db323aefd3933a60ad6ec4d1847b78d8282a3f
Gozi
562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824
Gozi
5804bc1b3709fb141a9886fded0f418553b8a4fb3fbafe8dcd7e7ede5cc55157
Gozi
6e079394b3a3085d572975115b334d813a79cd5833509b6afa45542687a5dfce
Gozi
89146747e32e3c641c05585ff782874aeca718398f189a7dc37dd0e9b55895a5
Gozi
9ee6e02a3e8070a4d501f7033f54d17781d2d4f43bf3b0717e15d63a1fa2e145
Gozi
b3080e3dea927ae5c6d02fad35de244bf93c1d2594ad0d8cfb3900aaaa014f30
Gozi
f6fc7442449ac48b039f5e29230bd26383b62bee2a050f5e81553755b69e6f25
Gozi
+ 658 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ldktsyq1ye/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

Executable exe 30c57f5803c861c2d36fc003f855ee9857e4aebc864be6b9f898176f93e3cbd3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/358161/
  
Delivery method
Distributed via web download

Comments