MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dafc60c8c270443f0b22491b527db92ea192d33f8e0c43ab018bc3197832ce46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 3



SHA256 hash: dafc60c8c270443f0b22491b527db92ea192d33f8e0c43ab018bc3197832ce46
SHA3-384 hash: dfc67d9481fa29fe452b1b51fbce89a8f8a57236772cb8e3111ecfb0896c13787df328c9ef2d8c29fa82ed982c2269b7
SHA1 hash: 6e2ced303cdb4930a53c8427cb143156ef94d6df
MD5 hash: c6b3e08ca1cd64dca6d152a82f8ca2f7
humanhash: five-seventeen-quebec-montana
File name: c6b3e08ca1cd64dca6d152a82f8ca2f7.exe
Signature: Gozi
File size: 139'264 bytes
First seen: 2020-05-22 07:27:56 UTC
Last seen: 2020-05-22 08:43:37 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43c11b4472faf33c2570ac05c35779ad (1 x Gozi)
ssdeep: 1536:JQYv5Fcu+rO3Pk46Lx13jSihgGb2Byo7dUw0B5erFJrw9hGUs54WSa5VOlLlObnB:JiLhgGmySf0BkrOI5405VQOtdQmZU
Threatray: 403 similar samples on MalwareBazaar
TLSH: D4D3BE11BAD1F072D45248300465F2F0763ABC166B764BA737943B9F6E322D25BBA371
Reporter: abuse_ch
Tags: exe geo Gozi isfb ITA Ursnif

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-21 05:31:57 UTC
File Type: PE (Exe)
Extracted files: 23
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

Executable exe dafc60c8c270443f0b22491b527db92ea192d33f8e0c43ab018bc3197832ce46 (this sample)

Delivery method: Distributed via web download
