MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54fba19e9bdd0cdc7f3900f716e90dfa0f96c282c768747d667d2b227ccbe484. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54fba19e9bdd0cdc7f3900f716e90dfa0f96c282c768747d667d2b227ccbe484
SHA3-384 hash: 50c783193960408976f174b1e00a32a65d66bfb06691e58329f953ec1b58202261fd006c287dc4b38f85bb4d596a0148
SHA1 hash: 3ef6b54d868083188566ce50ed36e2938f11c007
MD5 hash: 4b0043e0ab37e575490d305d98e20343
humanhash: apart-river-magazine-sierra
File name:SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.7862
Download: download sample
Signature Gozi
Create hunting rule
File size:484'864 bytes
First seen:2020-06-10 11:10:38 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 8576f2eda7a30aeed43fccdbadabc440 (16 x Gozi, 10 x ZLoader)
ssdeep 12288:T2s6153R0KPnJHFlswhjmoUYtIdySZYBk:TZ8Vg8jmotI2S
Threatray 690 similar samples on MalwareBazaar
TLSH 15A4D0E25940B2B0D14BC97E9420B1B681F97C2A7F549180F98B47B735371FAA994FC3
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.7862.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:12:05 UTC
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
Gozi
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
Gozi
66d4f17726f5853e6127da6c02b6760f5cabbcf2793673d0db6b93517a537a78
Gozi
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
Gozi
8dbbc783a02a103f860b387d4c62c278b47c234e5ad4331eda1ba6ed7b06194f
Gozi
8e8ac33ad3757a7f33a24efbe9ec50a57d33de94a99327fdc38a9d8c3b21ad9b
Gozi
97acd15ebfaa1ac340cac6a4575d59d03ee08eb9b825eebf674d4ed123dd5667
Gozi
98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5
Gozi
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
Gozi
fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab
Gozi
+ 680 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-1y3dbnf14j/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments