MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edaad6c9c254f0799e1c6528ac77483cf2700cd934202e0f60f04f8d155c4f5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edaad6c9c254f0799e1c6528ac77483cf2700cd934202e0f60f04f8d155c4f5e
SHA3-384 hash: af59bb9e4b784e00f4d0736a2bbea06aa768227f7549da3e778a7728ba55e7e23495ef0f47c32b6a8b53552efbd7613b
SHA1 hash: 5e5ca17d7fe4020b9f9294799998f629abac57e0
MD5 hash: 92dd2f22a59a216893d6d9010a7cf8d7
humanhash: five-hydrogen-illinois-artist
File name:kpt1
Download: download sample
Signature Gozi
Create hunting rule
File size:213'504 bytes
First seen:2020-07-09 10:53:19 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 48e14e386e1bef25262062c93db4374a (5 x Gozi)
ssdeep 3072:+Qae/IRp+4YNcATYzeUudRd87PIiFWHZg+bsFhJOP:3Q0XIbgPQWCFo
Threatray 900 similar samples on MalwareBazaar
TLSH 7124E110B891E476D00B407DCC22C2F8922A7C21AFB5CD8736DE9F9F2F233965679959
Reporter JAMESWT_WT
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/23677/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Creating a window
Searching for the window
DNS request
Creating a file
Detection:
isfb
Create hunting rule
Link:
https://mwdb.cert.pl/sample/edaad6c9c254f0799e1c6528ac77483cf2700cd934202e0f60f04f8d155c4f5e/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 10:55:05 UTC
File Type:
PE (Dll)
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
3a24a5ef5c6045ff597b4b76d9070f7beae8fb6ca791f9bac231673f2bd62759
Gozi
54256f630247bd09af0bc01c2dafe121b8d7334b4bbd1f36092da2e66e3983c5
Gozi
577423ddac7ca6f9b623e528452e4455015d71aa690d44a026c40c6dcaad9569
Gozi
591c648b11ffd7b4ed631793786ca67075b6d2f4e362716cc6b5ac24f2b7961f
Gozi
6a39a3e7387f3d214042b2d9d99f4d6de18303d56ad96c9a48df20cf4693091b
Gozi
7398048e3cb424344def184f417b3cbfa1451bf0fa8219c875be0f195468c46d
Gozi
a1a6e3603e050afbe4bd74f714f4bfc69f9f7ff51fc7e6e890a1eab04ccf1737
Gozi
c9605153d7530d299bd0938837491114de48ee49eb6f25a5bad8c20705989dc0
Gozi
e3b9e0c9c3637a620a1fd51cf8bcf63bfe988193fc18fa7eb7a4d19e3b9ee467
Gozi
f53226476a8190fb69a366544e4f394e50e487c429977165a5efdd9e1dbec83e
Gozi
+ 890 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200709-6pr95xrgl2/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Checks whether UAC is enabled
Modifies Internet Explorer settings
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/23677/

Comments