MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bc4ab7cce74312ef62637623a5cfd9c4522271b6e5b1ead8b07613781baeb09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi
Vendor detections: 2


SHA256 hash: 3bc4ab7cce74312ef62637623a5cfd9c4522271b6e5b1ead8b07613781baeb09
SHA3-384 hash: 5e0aa19cdb3830a72b79aa2bf10ad5de62f02cf44ad27ff23c3d130298e54aebf73120377ac6407bdd829b82144fa5bf
SHA1 hash: 05ddf688d17932798317670b1bded7577ef5d238
MD5 hash: 441e64a68f74c1e4d95874585b451f0a
humanhash: mississippi-mango-texas-alaska
File name: ord_438 13.zip
Download: download sample
Signature: Gozi
File size: 170'609 bytes
First seen: 2020-05-26 13:17:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:mmq2pDWwpWjNXPKsHRLHkbGxHSP5Bl3gukNX3ijnmATaBjuh6:Zq2pYZ/JdR0P53siPT3h6
TLSH: 8EF312537C2C14DDF82C33E885BCCDBA75C359BADAE478036F8A1A4517E1B65A1AC348
Reporter: abuse_ch
Tags: geo, Gozi, isfb, Ursnif, USA, zip
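After downloading the sample, the first check is that the bytes on disk are the ones this entry describes. The Python below is added here and is not part of MalwareBazaar or of this entry: it recomputes the four listed digests, reports any that differ, and lists the zip's members without extracting them (the entry reports a single .doc inside). The zip the block builds is a constructed placeholder carrying the same member name, not the real attachment, so its hashes will not match the listed values; run the same functions against the real download to confirm a match.

```python
"""Added example (not part of the MalwareBazaar page): verify a downloaded
sample against the digests listed in the entry and list the archive's
members without extracting them."""
import hashlib
import io
import zipfile

# Digests exactly as listed in the MalwareBazaar entry above.
LISTED_HASHES = {
    "sha256": "3bc4ab7cce74312ef62637623a5cfd9c4522271b6e5b1ead8b07613781baeb09",
    "sha3_384": "5e0aa19cdb3830a72b79aa2bf10ad5de62f02cf44ad27ff23c3d130298e54aebf73120377ac6407bdd829b82144fa5bf",
    "sha1": "05ddf688d17932798317670b1bded7577ef5d238",
    "md5": "441e64a68f74c1e4d95874585b451f0a",
}

# Extensions that mark an Office document, the lure type this entry reports.
OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".rtf")


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the entry lists, as lower-case hex."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict = LISTED_HASHES) -> list:
    """Return the names of digests that do NOT match `expected`.
    An empty list means the bytes are the listed sample."""
    actual = compute_hashes(data)
    return [name for name, value in expected.items() if actual[name] != value.lower()]


def inspect_zip(data: bytes) -> list:
    """List archive members without extracting anything.
    Each item is (member name, uncompressed size, looks like an Office document)."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            is_office = info.filename.lower().endswith(OFFICE_EXTENSIONS)
            members.append((info.filename, info.file_size, is_office))
    return members


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the real attachment: a zip holding a
    placeholder file under the member name the entry reports. The
    contents are NOT the malicious document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ord_438 (13).doc", b"placeholder, not the real lure")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    # The placeholder is not the real sample, so every digest differs.
    print("digests differing from the entry:", verify_hashes(sample))
    for name, size, office in inspect_zip(sample):
        print(f"{name!r}: {size} bytes, office document: {office}")
```

Comparing all four digests rather than only MD5 or SHA1 guards against a collision-tampered copy; listing members with `infolist()` never writes the lure to disk.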


abuse_ch
Malspam distributing Gozi:

HELO: murrypurryfurry.net
Sending IP: 81.29.134.114
From: Anna Griffin <Moore@murrypurryfurry.net>
Subject: Office #xxxxx
Attachment: ord_438 13.zip (contains "ord_438 (13).doc")

Gozi payload URL:
http://91.211.245.163/gijm42g.exe

Gozi C2:
https://votboo.xyz/index.htm
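The indicators in the comment above become useful once they are machine-readable and safe to paste into a ticket. The Python below is an added example, not part of this page or of abuse.ch's report: it parses the reported block (copied inline), defangs each indicator, and checks the sending IP, HELO name and sender domain against a few constructed Postfix-style mail log lines, including a decoy whose IP is a prefix of the real one to show the boundary handling.

```python
"""Added example (not part of the MalwareBazaar page or abuse.ch's comment):
turn the reported malspam indicators into defanged IOCs and match them
against mail-gateway log lines."""
import re
import urllib.parse

# The indicator block as reported in the comment above, copied verbatim.
REPORTED_INDICATORS = """\
HELO: murrypurryfurry.net
Sending IP: 81.29.134.114
From: Anna Griffin <Moore@murrypurryfurry.net>
Subject: Office #xxxxx
Attachment: ord_438 13.zip (contains "ord_438 (13).doc")

Gozi payload URL:
http://91.211.245.163/gijm42g.exe

Gozi C2:
https://votboo.xyz/index.htm
"""

# Constructed Postfix-style log lines (not real traffic). Line 4 is a decoy
# whose IP is a prefix of the reported one and must not match.
CONSTRUCTED_MAIL_LOG = [
    "May 26 13:10:02 mx1 postfix/smtpd[2151]: connect from unknown[81.29.134.114]",
    "May 26 13:10:03 mx1 postfix/smtpd[2151]: 7F1A2: client=unknown[81.29.134.114], helo=murrypurryfurry.net",
    "May 26 13:10:03 mx1 postfix/cleanup[2160]: 7F1A2: message-id=<a1@murrypurryfurry.net>, from=<Moore@murrypurryfurry.net>",
    "May 26 13:12:40 mx1 postfix/smtpd[2155]: connect from unknown[81.29.134.11]",
    "May 26 13:12:41 mx1 postfix/smtpd[2155]: 7F1B9: client=mail.example.org[198.51.100.7], helo=mail.example.org",
]

IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def extract_iocs(text: str) -> dict:
    """Parse the 'Key: value' lines and bare URLs of the report into IOCs.
    Domains come only from the HELO, the sender address and URL hosts, so a
    file name such as 'ord_438 13.zip' is never mistaken for a domain."""
    fields, urls = {}, []
    for line in text.splitlines():
        line = line.strip()
        if URL_RE.fullmatch(line):
            urls.append(line)
        elif ":" in line and not line.startswith("http"):
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip()
    ips, domains, emails = set(), set(), set()
    if IPV4_RE.fullmatch(fields.get("sending ip", "")):
        ips.add(fields["sending ip"])
    if fields.get("helo"):
        domains.add(fields["helo"].lower())
    sender = EMAIL_RE.search(fields.get("from", ""))
    if sender:
        emails.add(sender.group(0).lower())
        domains.add(sender.group(0).split("@")[1].lower())
    for url in urls:
        host = urllib.parse.urlsplit(url).hostname  # already lower-case
        if host:
            (ips if IPV4_RE.fullmatch(host) else domains).add(host)
    return {"ips": sorted(ips), "domains": sorted(domains),
            "emails": sorted(emails), "urls": sorted(urls)}


def defang(indicator: str) -> str:
    """Make an indicator safe to paste into tickets and chat: hxxp, [.], [@]."""
    return re.sub(r"^http", "hxxp", indicator).replace("@", "[@]").replace(".", "[.]")


def match_log(iocs: dict, lines: list) -> list:
    """Return (line number, indicator) pairs for every log line carrying an IOC.
    IPs and domains are matched on token boundaries so that 81.29.134.11
    does not hit on 81.29.134.114 and a longer host name does not hit on
    its suffix."""
    hits = []
    for number, line in enumerate(lines, start=1):
        low = line.lower()
        for ip in iocs["ips"]:
            if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", line):
                hits.append((number, ip))
        for domain in iocs["domains"]:
            if re.search(r"(?<![\w.-])" + re.escape(domain) + r"(?![\w-])", low):
                hits.append((number, domain))
        for email in iocs["emails"]:
            if email in low:
                hits.append((number, email))
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(REPORTED_INDICATORS)
    for kind, values in iocs.items():
        print(kind, [defang(v) for v in values])
    for number, indicator in match_log(iocs, CONSTRUCTED_MAIL_LOG):
        print(f"line {number}: {defang(indicator)}")
```

Matching on the HELO name and sender domain as well as the IP matters because the sending IP of a spam run rotates faster than the registered lure domain.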

Intelligence


File Origin
# of uploads: 1
# of downloads: 390
Origin country: n/a
Vendor Threat Intelligence
Threat name: Document-Word.Downloader.Euy
Status: Malicious
First seen: 2020-05-26 13:36:23 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    Gozi
        zip 3bc4ab7cce74312ef62637623a5cfd9c4522271b6e5b1ead8b07613781baeb09 (this sample)
            Dropping: Gozi

Delivery method: Distributed via e-mail attachment
