MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f3f3ecbb8ade4c82e038ee9f0a37e5f4655d9ae9f15c052da1a16e175fd710d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f3f3ecbb8ade4c82e038ee9f0a37e5f4655d9ae9f15c052da1a16e175fd710d
SHA3-384 hash: c12e1dd59c13073d43d11a4fdeb654e381cea157e37d4bac6e4cc58b26e1063f390b7ae209ba82837b3dd9062f0f3e6c
SHA1 hash: 0c53e2a88deff3fab183bbd0682729790eeef119
MD5 hash: dfdab08553cdef8d8133b8f753c7cc28
humanhash: romeo-east-london-seventeen
File name:SecuriteInfo.com.Trojan.Siggen9.22690.22774.9171
Download: download sample
Signature Gozi
Create hunting rule
File size:338'432 bytes
First seen:2020-03-20 10:34:16 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 14eb8432dde456f41bf8b96a7a341df3 (4 x Gozi)
ssdeep 6144:8xNh4SH+ACL2TM7mZtOb8HbSAhbHDeGi23CIEhi:BSH+rL2TKmZtkAhbHDeeyw
Threatray 1'609 similar samples on MalwareBazaar
TLSH EA748D007BA0D035E2B656B84E79C3B8952E3EA09F2990CB31E46EDB66346F59D31347
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

SecuriteInfo.com.Trojan.Siggen9.22690.22774.9171.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-03-21 03:52:58 UTC
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1dc7a48f00a4793ae96c0209712dd207467591481f8a14ed5b024c6022268a94
Gozi
3cae3e686dc69abc5fc48e1c93567093421bf37eb65ac7353eb042da718beb15
Gozi
75fe674bd8fac11a34e7f7b637f66d3aae066e0b78bff304d3c4f21db391c9b8
Gozi
ab4707d32e78d4425592a2da4f2aef8789a50e0528c83821c203693b1bfbb927
Gozi
b4c9b7f8bff8b0fae4301bbe53cbcc9ba2ebc52f314cce531bf826760c09d79f
Gozi
c323a6d5290a134a8b6c374a20a5bf5091ae7923c5e0f64ecc89c559d4b1b34b
Gozi
c85d0da5fe543408376ed6c916d5e498aadc0b5f75be0ddc59a4efe3da5fff07
Gozi
c9cc3b9a9484bc59a94490380a8e1e52faec563d2a16db4e58e0e53ac6fb5d94
Gozi
d172a71154aa9f8859c5ae2271c0ba716e772a99a23273818bc9a1fe8ee1a5d2
Gozi
f926893a0c9d0bfd4f5f12dc727ed26649f12332f7ce047c460e884afe309205
Gozi
+ 1'599 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4f3f3ecbb8ade4c82e038ee9f0a37e5f4655d9ae9f15c052da1a16e175fd710d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetDiskFreeSpaceA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::MoveFileExA
KERNEL32.dll::GetFileAttributesA
KERNEL32.dll::GetTempPathA

Comments