MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 692c58e28e0f0346adfbad2356dd8495ec8f07718ee40db171b50e8870526f96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 4



SHA256 hash: 692c58e28e0f0346adfbad2356dd8495ec8f07718ee40db171b50e8870526f96
SHA3-384 hash: 4bcb401b721f7175ce37f8d9d5fbb4b83018ee593253f3a4744f7ed4b2db9aad61132f3f15bbe85c61548128259e0f4f
SHA1 hash: 1dbbc632e2b10918c322ed0e761661fbe690d43e
MD5 hash: c1366b1afc57e2fca68501345bbd4ba0
humanhash: eight-fanta-seventeen-network
File name: x.dll
Signature: Gozi
File size: 819,712 bytes
First seen: 2020-05-12 16:48:39 UTC
Last seen: 2020-05-13 01:11:04 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 4497d20cc5ec68f9f1895db926521783 (1 x Gozi)
ssdeep: 24576:OWnH/+thqkgzmgd7sh+o+Yqr2VflKvHlD:OWnHaBgzmgd7shwYqCllKflD
Threatray: 14 similar samples on MalwareBazaar
TLSH: CA05CF013A81C536C0E941305C15E6F86A6D7E29EFA04C97F7D83B1F67B06B2963AE47
Reporter: James_inthe_box
Tags: dll Gozi

Intelligence

File Origin
Uploads: 2
Downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-05-12 16:48:06 UTC
File type: PE (DLL)
Extracted files: 1
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:miguel campaign:12/05 botnet trojan

Note that three different family labels appear on this entry: the MalwareBazaar signature is Gozi, the AV threat name is Win32.Trojan.Cridex, and the sandbox attributes the sample to zloader. Treat the family as unconfirmed until the sample has been checked against your own signatures.
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Blacklisted process makes network request
Family aliases: Zloader, Terdot, DELoader, ZeusSphinx

WriteProcessMemory followed by SetThreadContext is the classic sequence for injecting code into another process (write the payload into the target, then point one of its threads at it); AdjustPrivilegeToken beforehand is the sample enabling additional token privileges. The network request then comes from a process the sandbox blacklists, which is what the C2 extraction below was taken from.
Malware Config
C2 Extraction:
https://japanjisho.info/wp-parser.php
https://home.comegico.com.mx/wp-parser.php
https://hormonas.comegico.com.mx/wp-parser.php
https://hopime.com/wp-parser.php
https://gavrelets.ru/wp-parser.php
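The C2 URLs above are most useful as a web-proxy log check. The following Python is an added example written for this entry, not code from the page or from MalwareBazaar: it parses the five listed URLs, then grades constructed proxy log lines (the log format, timestamps and client addresses are assumptions) as exact, host-only or path-only matches. The path-only grade is only a hunting lead, since nothing on the page says /wp-parser.php is unique to this botnet, and the comegico.com.mx apex is deliberately not treated as hostile because the entry lists two of its subdomains, not the apex.

```python
"""Turn the C2 URLs from this entry into a matcher for web-proxy logs.

Added example for this MalwareBazaar entry; not code from the page or from
MalwareBazaar. The C2 URLs are copied from the Malware Config section; the
proxy log lines and their format are constructed for the demonstration.
"""
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the entry's Malware Config section.
C2_URLS = [
    "https://japanjisho.info/wp-parser.php",
    "https://home.comegico.com.mx/wp-parser.php",
    "https://hormonas.comegico.com.mx/wp-parser.php",
    "https://hopime.com/wp-parser.php",
    "https://gavrelets.ru/wp-parser.php",
]

# (host, path) pairs derived from the list; hosts lower-cased for comparison.
C2_PAIRS = {(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in C2_URLS}
C2_HOSTS = {h for h, _ in C2_PAIRS}
C2_PATHS = {p for _, p in C2_PAIRS}


def host_matches(host, known_hosts=C2_HOSTS):
    """True if host is a listed C2 host or a subdomain of one.

    Only the listed hosts and anything beneath them count. The entry lists two
    subdomains of comegico.com.mx but not the apex, so the apex is treated as
    unknown rather than assumed hostile. A trailing dot (DNS-style) is ignored.
    """
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in known_hosts)


def classify(url):
    """Grade one requested URL against the C2 list.

    Returns "exact" (listed host and path), "host" (listed host, other path),
    "path" (unlisted host but the same /wp-parser.php path; a hunting lead
    only, as the entry does not say that path is unique to this botnet),
    or None when nothing matches.
    """
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path
    if host_matches(host) and path in C2_PATHS:
        return "exact"
    if host_matches(host):
        return "host"
    if path in C2_PATHS:
        return "path"
    return None


def scan_log(lines):
    """Scan constructed proxy log lines of the form
    '<timestamp> <client-ip> <method> <url> <status>' and return hits as
    (line_number, grade, client_ip, url) tuples, strongest grade first."""
    order = {"exact": 0, "host": 1, "path": 2}
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than abort the scan
        client_ip, url = fields[1], fields[3]
        grade = classify(url)
        if grade:
            hits.append((n, grade, client_ip, url))
    return sorted(hits, key=lambda h: (order[h[1]], h[0]))


# Constructed sample log; not real traffic. Line 3 uses an upper-case host to
# show that matching is case-insensitive; line 6 is the unlisted apex domain.
SAMPLE_LOG = [
    "2020-05-12T17:01:02Z 10.0.0.15 POST https://home.comegico.com.mx/wp-parser.php 200",
    "2020-05-12T17:01:05Z 10.0.0.15 GET https://www.example.org/index.html 200",
    "2020-05-12T17:02:10Z 10.0.0.22 POST https://GAVRELETS.RU/wp-parser.php 200",
    "2020-05-12T17:03:44Z 10.0.0.22 GET https://cdn.hopime.com/favicon.ico 404",
    "2020-05-12T17:04:01Z 10.0.0.31 POST https://unrelated.example.net/wp-parser.php 200",
    "2020-05-12T17:05:00Z 10.0.0.31 GET https://comegico.com.mx/ 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Run stand-alone it reports lines 1 and 3 as exact hits, line 4 as a host-only hit (a subdomain of hopime.com) and line 5 as a path-only lead; the apex request on line 6 and the malformed line 7 are ignored. In a real deployment the host and path sets would be loaded from the entry's IOC export rather than hard-coded.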

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments