MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df646ae6f0af0a1c69a9e36766d1a03ca853e7a2163348c95ddafb2b960c148e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 3



SHA256 hash: df646ae6f0af0a1c69a9e36766d1a03ca853e7a2163348c95ddafb2b960c148e
SHA3-384 hash: 091bffdb787fb6aa04e4c96d6a5fc218319a0d811803580d6d3bd1188fbfe1bbe701a2abff550b0f577885102e2f6357
SHA1 hash: 356d25d48cb889dbdb30e9eb15f94fbd5b0194ae
MD5 hash: 30dd0f30a35abf1e135932948d05251d
humanhash: low-kansas-bravo-grey
File name: xeTyH
Signature: Gozi
File size: 212'992 bytes
First seen: 2020-06-10 07:25:01 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: d758b711ca1a8bb6eccbfb5ccb550551 (1 x Gozi)
ssdeep: 3072:k1DCGWvboJ28toXG65IQHikN19x0elsTa1H/bXEhT9wVrXzosC1cIvQHB:+DCGeboJ0hHikuusTSfbXxVrjLC1zvq
Threatray: 49 similar samples on MalwareBazaar
TLSH: ED24BE523902E87AE4100335CD56F7ED22A4FC009EA9E59B31EB7F5F28669D3D64A342
Reporter: JAMESWT_WT
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ursnif
Status: Malicious
First seen: 2020-06-02 00:52:07 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments