MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d56b15beb55a2a77afce882394f2ca64a5477ae0ba35536309b19a785d688d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d56b15beb55a2a77afce882394f2ca64a5477ae0ba35536309b19a785d688d3
SHA3-384 hash: 021a5bbfb0360bc05ca3629e10ba7d6aa8c86fbff8e872cc39a664e845f9e0ca9a83a84d1fbd74401998eef48e2e6b76
SHA1 hash: 27d0c05ad4fa0d7306e2cd2a1032583ee222647b
MD5 hash: 8abd8e6f9f77b8213fd9f1178acaca7d
humanhash: lion-bacon-aspen-butter
File name:7d56b15beb55a2a77afce882394f2ca64a5477ae0ba35536309b19a785d688d3
Download: download sample
Signature Gozi
Create hunting rule
File size:1'000'960 bytes
First seen:2020-03-27 02:48:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ff543b0ec74f74cfba80b83b6c3679e6 (1 x Gozi)
ssdeep 24576:b03HCA319vhTxJKtWvniht8CNRh82lprFUYz/KPh:43iS19vhnKlP5lpxUYz
Threatray 2'652 similar samples on MalwareBazaar
TLSH 5A2533A71DA8027CFE4F56BDF5434F0BA11CA6A513CD91AFA5E0320C9AEC8C8995CDC4
Reporter Marco_Ramilli
Tags:exe Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 01:34:07 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
28 of 47 (59.57%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0fefdfbc442c4667670b1b9001f1b586dbf7d7eeb13bcaf21af53984d5ad14a6
Gozi
2a80deaa083bb554ccc57c0ffd467b4fd1a6e2f1ae6ab1a3de140aab849b19bf
Gozi
361fb6895164e8e130e6fc3f6dc984af355294173c5e385d0ac35d6df61aea60
Gozi
4036ac805089ec47bd45e9b8b98aa5ee48a7f856d796f48b38250bde536895f9
Gozi
63a8687b9f3d1ef090cbd4f3c78edb9ff645ead16c5eacb05debf14e418596f4
Gozi
78cb6053d76d453fb3885f47c1634fc28e20862a5a73bcdc1557e5620ae7416f
Gozi
823d3e4a009254382cf9401cffddeb21e5be60ab5bb283ad325734c8c14cd695
Gozi
acdbf9fccd6e9fef6459322fb9ea0b1767815413a9a9d91407b87c7834ae77a0
Gozi
b9a9208aafc5b7d73bf9af9ced0b9be8d77a0a4b952391e15b61325ad3be3d9f
Gozi
e3c98c2ca7e4be4d14e9040f22c4a88bc512cb0e8d093af37360d035e45c5678
Gozi
+ 2'642 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegQueryValueW

Comments