MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccdee30c90b6f380a5596715bd42f7694814c859ca9b3da00fe9918b22ffd715. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccdee30c90b6f380a5596715bd42f7694814c859ca9b3da00fe9918b22ffd715
SHA3-384 hash: 8d4a4975ea8d96bcc72abb7cdf390aefdb9acf2590f7f2dceeb99b0787916faf6cce0f4336ef929d50c0fa2eb7b8b64d
SHA1 hash: 77ef4790bd81e6a2f8b2e77d90acd0780fcec5b6
MD5 hash: 14cd81f42b2bd83968a140aea2499c34
humanhash: oscar-violet-alabama-twenty
File name:SecuriteInfo.com.Trojan.Agent.ERUS.3011.27109
Download: download sample
Signature Gozi
Create hunting rule
File size:679'936 bytes
First seen:2020-06-05 11:39:52 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f9b9221f67b0fccc2e9a35bec3a33d30 (5 x Gozi, 3 x ZLoader)
ssdeep 12288:bHMY2akXvNE8jI0pNjG/yin1bb6H9UoyLRAq6BdnbbXO+uVBzSeiTzF:gy6NE88KBitR6H9xWRPYOBzqX
Threatray 123 similar samples on MalwareBazaar
TLSH F7E48D1277B04024F6BB1BB854FB11659A7E7ED09738C5CB43C022EA4AB7AD0AE34757
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

SecuriteInfo.com.Trojan.Agent.ERUS.3011.27109.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 12:35:43 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
0eb287052bad63c28c2ddb52722b87a40331cb41806e494cd4d83c8b409c6178
Gozi
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
Gozi
73abd3856eaa081063998925894e6a335b1ef4a79434eddd312ef15cccf2360e
Gozi
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
Gozi
998014de6243f054fde2ba82c0c094313b59bc040bd5940a47163e383760af9b
Gozi
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
Gozi
a07a359c59be4c8213ab755da287c7bf2da497415185e1c434b55cad6af544de
Gozi
a9b7021255f515544819e0d0d7fc650a7c2f373efbd6582761679f2ae6ce05cc
Gozi
e283e238a6df23efffad6f388ccc2de0b1e6f072fd6fb4eaed8065aa1d5a5aec
Gozi
fd8c062ff0b80d0560a5c239f9a035e821053ff0ee1e3907c88bb4a4b04fee30
Gozi
+ 113 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-lfvbfl1ea2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments