MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8885ce1f08167becda151811c6519af1bac2ad835acf60c7fa1130dad28fcd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: d8885ce1f08167becda151811c6519af1bac2ad835acf60c7fa1130dad28fcd7
SHA3-384 hash: eb82eab7ed4df5772e6e34e26defefd1773d1d20cbbd1a8b1eb6b46de5850abd4701be14c0aebea4728e8846e68be856
SHA1 hash: 1e6cc277d46f5fd5e7b915980deb8725c4a71726
MD5 hash: 019c152a88c2efc4c7b42458a48f7f5c
humanhash: finch-kitten-chicken-jupiter
File name: pliant.dll
Signature: Gozi
File size: 276'992 bytes
First seen: 2020-06-11 15:29:01 UTC
Last seen: 2020-06-11 16:45:22 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 44fe6c6c29b65fd3f3515606d0c92cfb (1 x Gozi)
ssdeep: 6144:vEGvuq+yXBukQAhhwsF9xZs7GELTCXK5CUQ5YhJ7XW8inA+:vEGvuq+ed6sF9YyuubU6YhJ7W8yA+
Threatray: 755 similar samples on MalwareBazaar
TLSH: 2D44BF20BF4F5DB0E0AE5A3D523182565E2A2921ABB0CCE37FDD15488F24AC45F79727
Reporter: James_inthe_box
Tags: dll Gozi

Intelligence


File Origin
# of uploads: 2
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-11 15:28:48 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
