MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2
SHA3-384 hash: 761489e682ad703365ea3563366b2dd44d596fddfdbff2ad42e7e1c9eaf2cf9b02bfe66854cfd00bdd1ce53f1edcaa92
SHA1 hash: a528c660f15806c967eb66b4cc0ff5547ba32405
MD5 hash: a23a634785b4c2aed3ceaf90290af0c8
humanhash: foxtrot-echo-uranus-high
File name:gozi (1).bin
Download: download sample
Signature Gozi
Create hunting rule
File size:237'056 bytes
First seen:2020-07-07 09:08:28 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 8d46c0985c460565c0718bedc688b1be (3 x Gozi)
ssdeep 6144:77hNXz+6pqT/MA9RE+ardJSAhckC6puz8m3Z53J7:XCjT/MA9paJvhck7puz8mJ53J7
Threatray 728 similar samples on MalwareBazaar
TLSH 3C34AE213EC6D8B6F6BF5F3E4426C171891DBE450A34ECEB22A1560B4B7B1828535F1B
Reporter JAMESWT_WT
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/22119/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Creating a window
Searching for the window
DNS request
Detection:
isfb
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:10:07 UTC
File Type:
PE (Dll)
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qelpbbwvwirou3j2yoc3xshtvcgbt6jainpbxituuh2goavlccra._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211
Gozi
346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4
Gozi
34fd926b213a1c5726124dff74dbf69c731f8e823168d17cc1c9448501ed314f
Gozi
577423ddac7ca6f9b623e528452e4455015d71aa690d44a026c40c6dcaad9569
Gozi
7398048e3cb424344def184f417b3cbfa1451bf0fa8219c875be0f195468c46d
Gozi
77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b
Gozi
d5b2b88dab809a7cc7688d6358c2b2d78b0f5278c72226f79673fce1bfe3aafa
Gozi
dc0df8f5ee0e898e069643a84cbc8154d6191f081665e245f1a9e2085028062f
Gozi
e3b9e0c9c3637a620a1fd51cf8bcf63bfe988193fc18fa7eb7a4d19e3b9ee467
Gozi
fb75efa8434d35a049d6608b6534df5c0716d33eb373f63cda5333796e16f1ec
Gozi
+ 718 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Create hunting rule
Score:
  10/10
Tags:
banker trojan family:gozi_ifsb
Link:
https://tria.ge/reports/200707-gf8c15jd26/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Modifies Internet Explorer settings
Modifies system certificate store
Gozi, Gozi IFSB
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/22119/

Comments