MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 defd6d5bb8cd5cbd01d7e805d2b0ae7d36a12da501e3dafd9a46baded1fe402d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: defd6d5bb8cd5cbd01d7e805d2b0ae7d36a12da501e3dafd9a46baded1fe402d
SHA3-384 hash: b1f49fd093b621236d59c25544b8e01902599a8bdaa8ec329731b1e96b6babada8d2bb74f50f9847add8873462552ae1
SHA1 hash: ab4b79170f1749d36fee79f3d5749b66ac17fd48
MD5 hash: 2a286fe22d6b983430efd8f000f483d7
humanhash: maine-mike-ten-wyoming
File name:opzi0na1la.dll
Download: download sample
Signature Gozi
Create hunting rule
File size:160'768 bytes
First seen:2020-11-11 10:09:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3a9591dd47b1686df1607aa8d1830d44 (2 x Gozi)
ssdeep 3072:YH5HaIJBdl8/HPpNh5O1vtbd0BDUGjgyUz7QwWcC/AOyO:+6eB78XfO1tbdW4GjwkwW7obO
Threatray 13 similar samples on MalwareBazaar
TLSH 9EF3C0016CF6B1FCD935987D84ED6BD62E58FE144B2CEF2B3F080ADAE5521421C652B8
Reporter JAMESWT_WT
Tags:dll Gozi isfb Ursnif

Intelligence

File Origin
# of uploads :
1
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.2a286fe22d6b9834.8060.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Sending a UDP request
Launching a process
Creating a window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Creating a file
Searching for the window
Deleting a recently created file
Connection attempt
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/defd6d5bb8cd5cbd01d7e805d2b0ae7d36a12da501e3dafd9a46baded1fe402d/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-11-11 10:09:00 UTC
File Type:
PE (Dll)
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1302b4037bd0759b5eac425cf3b4333621d2357c8d7d26f910a3473d8618b739
Gozi
1cbe92dd308b0cff4055bf7ea98e91ca2d1d9160314518e3f09adc8def67bd81
Gozi
2fe961e9bb79716d74f6d4c44e54b685a13d0bf9dc4a9c2e97425178b1cfd43e
Gozi
74df1156c1fadae414aaa6a95f8ead8924ebce0c607df63860fad0546288aa30
Gozi
7f78709da704f5fe0f08e67661f668381028e7649ec06028b89fb43947ee4d8d
Gozi
8c421ff35f676e2a886e33879a324da5660a9d94dd77edc1791f431c124402a4
Gozi
8d2e11c37f1d10e4dfd3f525ee70c5c9f157996b927d94e2c355a4107dbb617c
Gozi
d5ba4c77ca4813a76ceb6be5203a3c3d713e043e82cf80a7aab0d92b28f71a64
Gozi
e32ad2423fd1079505a65a44d9e0a4ea2c60821336b27e52930feaf5382a3536
Gozi
f3f8d996ff8837734356f73ef5794917eaa81829018db1eefcdf4e0c043e5c45
Gozi
+ 3 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Create hunting rule
Score:
  10/10
Tags:
family:gozi_ifsb banker trojan
Link:
https://tria.ge/reports/201111-bzg9ej135n/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
JavaScript code in executable
Gozi, Gozi IFSB
Unpacked files
SH256 hash:
defd6d5bb8cd5cbd01d7e805d2b0ae7d36a12da501e3dafd9a46baded1fe402d
MD5 hash:
2a286fe22d6b983430efd8f000f483d7
SHA1 hash:
ab4b79170f1749d36fee79f3d5749b66ac17fd48
Link:
https://www.unpac.me/results/be7ef6c2-fbf9-4929-bbbb-9699a9c4ba6a/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments