MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975
SHA3-384 hash: 5a0ccc16017dc89f743a828e054de09089e04c00bca2d4f299fc7055e53f5c2d29fa8caf325e64d7d9195fa5ed2609eb
SHA1 hash: 281aab2eb26f31cf2255e2f5a467fc5eebda8df8
MD5 hash: f500854e3cf9556688203a3d869b7d6d
humanhash: double-fillet-muppet-georgia
File name: data.bin
Signature: Gozi
File size: 121'856 bytes
First seen: 2020-06-30 05:40:46 UTC
Last seen: 2020-07-01 12:46:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a40e692fc2df9875eb927637f7c2b500
ssdeep: 3072:Z8ypjkWHlpxLzWjY3R6WVYGt5z3sAHcYZi5C7wSyCw7IEFf:WWhzH34WVphiRpE
TLSH: 3DC36CE33FC53CF6D6EF063300D5EBFA4AAC65724752BE83A169293855B74C68E56800
Reporter: @abuse_ch
Tags: exe, Gozi

Intelligence


Mail intelligence: No data
# of uploads: 2
# of downloads: 35
Origin country: CH

CAPE Sandbox:
  Detection: n/a
  Link: https://www.capesandbox.com/analysis/16775/

ClamAV: SecuriteInfo.com.ArtemisF500854E3CF9.25697.UNOFFICIAL

CERT.PL MWDB:
  Detection: isfb
  Link: https://mwdb.cert.pl/sample/471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975/

ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Wacatac
  First seen: 2020-06-30 01:41:03 UTC
  AV detection: 17 of 31 (54.84%)
  Threat level: 2/5

Spamhaus Hash Blocklist: Malicious file

Hatching Triage:
  Score: 10/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-m1a6tbcjt2/
  Tags: persistence

VirusTotal: VirusTotal results 26.39%

Yara Signatures


Rule name: Ursnif
Author: JPCERT/CC Incident Response Group
Description: detect Ursnif (a.k.a. Dreambot, Gozi, ISFB) in memory
Reference: internal research

Rule name: win_buer_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: win_isfb_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Gozi, Executable exe, 471325daa2bc75f50856e93e9de088386556fc3ead653894d5c2a67f2a8b4975 (this sample)

Comments