MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaf0b4e39ae638cad739fcba10d65e7807cf270ed6cfd650ade939af4d489088. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gozi

Vendor detections: 4


SHA256 hash: eaf0b4e39ae638cad739fcba10d65e7807cf270ed6cfd650ade939af4d489088
SHA3-384 hash: 28104d97d961a440afff414437e7444e6f01302f9b94da1f569558031aea90feb9c3ddb3913d8dcad93f083b590ca9b7
SHA1 hash: 823be11e6e4ee4f3daedf0d0b623c4f0e1ff09dc
MD5 hash: 68d5c5267adeeb8c65feb7dccbb112ef
humanhash: seventeen-fix-low-south
File name: SecuriteInfo.com.Generic.mg.68d5c5267adeeb8c.21316
Signature: Gozi
File size: 721'408 bytes
First seen: 2020-05-29 09:16:32 UTC
Last seen: 2020-05-29 09:57:02 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: c50d9bea08639b9176aabe1a254bcf6b (3 x Gozi)
ssdeep: 12288:CoYYiLPRW/httePP2JG9rPoC9JoOn7cGOAPG/MzTWD8jZSmA6pNFqvPWR1:MV9wReYGXn4kO/MzK4jZpAMqa
Threatray: 27 similar samples on MalwareBazaar
TLSH: A5E4CF363A9195BAE10F0A7E5C13C4B48AB17C58933144DB36C18E6B173B68B8DE4F97
Reporter: SecuriteInfoCom
Tags: Gozi

Intelligence

File Origin

Number of uploads: 2
Number of downloads: 68
Origin country: n/a
Vendor Threat Intelligence

Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-29 09:36:11 UTC
File type: PE (Dll)
AV detection: 20 of 48 (41.67%)
Threat level: 5/5

Result

Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:bot5 campaign:bot5 botnet trojan

Behaviour

- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Zloader, Terdot, DELoader, ZeusSphinx

Malware Config

C2 extraction: https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments