MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7df6cffe72503e47063c3b80da0e2df2d3932fa50cb08daa8f0d0aa8ec7d8184
SHA3-384 hash: 55cbe949e181a35169ed7f2b57d5a060a73f0a21fc23bef23adf9281d2d55b301039ba17b03eb06b2f3e4c7420baa75d
SHA1 hash: 739dc26b1332334c682206673729a2457411c93b
MD5 hash: 622a34d0ce3385f7c23ba10abec58427
humanhash: triple-mike-fruit-purple
File name:SecuriteInfo.com.Variant.Graftor.752710.4954.5259
Download: download sample
Signature Gozi
Create hunting rule
File size:3'453'952 bytes
First seen:2020-05-19 14:55:02 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash e8aa1309c58f3e5165a7048571442e0f (3 x Gozi, 2 x DanaBot)
ssdeep 98304:nnz0Iqkvs94Kw3xRImj7SLOn6nouQ2Gs8c+j2wzzmghU3S:nzXKw3x0OeG7s87z
Threatray 271 similar samples on MalwareBazaar
TLSH 25F57B017A80E029E9A95AB3CE68D5FD02117D54DF7490DB30D4BF8FBA7BAE69830711
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 15:20:00 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
12 of 31 (38.71%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
214e3cd3db2fd521d7a66d0e4ede79c152870ff0330f839d01d7cc141cdc0a14
Gozi
2a46d6c287851041f7a352051cadd95de3379b8878191c925f7d423a475936e6
Gozi
32031ca4487b08af41a597da7d22c05a3d4f676c33119c057f3f4a1431217887
Gozi
4bf2f4dd9ecaa28ecebae186a118cf66f8fce7ee8790351ca7224516ff47010e
Gozi
504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
Gozi
5d65fcb03519e2de623db04685570406c586ee4d121c9381910932cf2e1bd344
Gozi
a5bd1ac8e6458e40e63cf558145dbd06cc2700d97f9ed3ae5a161b165ca6c035
Gozi
aa85267b21a04aa673ddde02c00feda1b10782b86eaad3ebbe5617a8ad787774
Gozi
c58594d414c882ce33499233c2f508789e5fa4d91b79ef01d763012e39d7b095
Gozi
e1eabf537423c05f282eba3b0c5bc70931767c23fb9bb2a014999a73e7656e4a
Gozi
+ 261 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-7kc9jc5rms/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Blacklisted process makes network request
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments