MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67b46301815d5ba32f90af114a459810902ba6d97a75821c8455b8103073b499. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: 67b46301815d5ba32f90af114a459810902ba6d97a75821c8455b8103073b499
SHA3-384 hash: 284875b2275a04bc8832f742e880e35234f9ac08183ba8d3f3425463bd2f56e14306fbc88abb87f325f8a78fcb8d1533
SHA1 hash: c0e25d2f02a768def644be6c248732da4f91495b
MD5 hash: 892fbc87fdbcbe9d91e17ae7355eb54c
humanhash: muppet-massachusetts-golf-blossom
File name: w.dll
Signature: Gozi
File size: 504'320 bytes
First seen: 2020-06-05 16:46:16 UTC
Last seen: 2020-06-05 17:32:36 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: b81fa798a957991848eaf62cc7c7f28d (1 x Gozi)
ssdeep: 12288:aIee+rHCYBUVn3vIqy7kHe0ZweA63H/AB6:Xx9y7kHe0sB
Threatray: 76 similar samples on MalwareBazaar
TLSH: 93B48DA027701A8AF9F74F3C18B307119DED7CCA9974D28687D1374A1D7B1925AA0F2B
Reporter: James_inthe_box
Tags: dll Gozi

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2020-06-05 16:45:36 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:miguel campaign:05/06 botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://gahotimaskever.ga/wp-parser.php
https://tlenexicagopca.tk/wp-parser.php
http://cld.kazgau.com/wp-parser.php
https://cmso.med.cmu.ac.th/wp-parser.php
http://janekleeb.com/wp-parser.php

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
