MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b
SHA3-384 hash: 1788c6dc1e2bd72a6aa089c0b54ce2506f8ec236644bf9157941e3b95cbf8331bc42b35adadac72c9a7e589495c685fc
SHA1 hash: e198a73117ae88a44194a4f73e52881519da990e
MD5 hash: 512ef14b1ad32ebebaa5ca4271b69321
humanhash: rugby-nineteen-november-india
File name:5f04387e4fea5
Download: download sample
Signature Gozi
Create hunting rule
File size:237'056 bytes
First seen:2020-07-07 08:56:05 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 8d46c0985c460565c0718bedc688b1be (3 x Gozi)
ssdeep 6144:77hNXz+6pqT/MA9RE+ardJSAhcXC6puz8m3Z53J7:XCjT/MA9paJvhcX7puz8mJ53J7
Threatray 697 similar samples on MalwareBazaar
TLSH F934AE213EC6D8B6F6BF5F3E4426C171891DBE450A34ECEB22A1550B4B7B1828535F1B
Reporter JAMESWT_WT
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22095/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Creating a window
Searching for the window
DNS request
Detection:
isfb
Create hunting rule
Link:
https://mwdb.cert.pl/sample/77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 08:58:06 UTC
File Type:
PE (Dll)
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o7pnj5so5qajj7p2qq674tzwuvm7x6h2lq473j5wgaj5553kzz5q._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211
Gozi
346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4
Gozi
34fd926b213a1c5726124dff74dbf69c731f8e823168d17cc1c9448501ed314f
Gozi
54605638380151e63c23aa77cb6ecf309fb943eb9f7e4d96c1dce197c2bddf21
Gozi
7398048e3cb424344def184f417b3cbfa1451bf0fa8219c875be0f195468c46d
Gozi
8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2
Gozi
d5b2b88dab809a7cc7688d6358c2b2d78b0f5278c72226f79673fce1bfe3aafa
Gozi
dc0df8f5ee0e898e069643a84cbc8154d6191f081665e245f1a9e2085028062f
Gozi
f2f44eec27272e3c0005982960896ab57da9a745ab2d4a1249da3fc8eddfad30
Gozi
fb75efa8434d35a049d6608b6534df5c0716d33eb373f63cda5333796e16f1ec
Gozi
+ 687 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Create hunting rule
Score:
  10/10
Tags:
banker trojan family:gozi_ifsb
Link:
https://tria.ge/reports/200707-dhc2qj47zj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Modifies Internet Explorer settings
Modifies system certificate store
Gozi, Gozi IFSB
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/22095/

Comments