MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52b9735c9182c90dcf54bb2d1ae287bd702417070fa3dd403232b0a5c26b857f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 3



SHA256 hash: 52b9735c9182c90dcf54bb2d1ae287bd702417070fa3dd403232b0a5c26b857f
SHA3-384 hash: bc4d23db33421a66d801ed43fdb188a1a66a49405460b4e2712d7858742438ddd88bcce4fb71cbcf5ca873e1a1e482cb
SHA1 hash: c9479c7cbe08c9b9c8d022f0a9dc0d64277936e8
MD5 hash: 952bc67de7e7e40d3938ae5d9118bde9
humanhash: beer-south-lake-fish
File name: Ursnif--c9479c7cbe08c9b9c8d022f0a9dc0d64277936e8
Signature: Gozi
File size: 208'896 bytes
First seen: 2020-06-10 07:25:32 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 4fe0e39860c43b36534206c5f71735d6 (1 x Gozi)
ssdeep: 6144:pHqqJYQGbXMYZQSeydbV6h60xYHzAjsm:pHqqJYQG1QS9AUNm
Threatray: 712 similar samples on MalwareBazaar
TLSH: 7514AE623542F879E1011639CD5AE7F922E1BC05DE29E95331EF2F4F2C668C3D96A342
Reporter: JAMESWT_WT
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Gozi
Status: Malicious
First seen: 2020-06-02 00:41:43 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
