MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2f44eec27272e3c0005982960896ab57da9a745ab2d4a1249da3fc8eddfad30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2f44eec27272e3c0005982960896ab57da9a745ab2d4a1249da3fc8eddfad30
SHA3-384 hash: b762c8289917b8a1a419f055e8aa9beb3d4ce6965a67ce719ce2cdaf35245c675bcfd85ce037a65f549b237c9e4383c9
SHA1 hash: 9034516c46e7431e89b4f4b3caf7d5f86f9654c7
MD5 hash: 4cc57d0967bdc89e08f6af27bebdd3c3
humanhash: queen-mango-uranus-snake
File name:5efc814737f21
Download: download sample
Signature Gozi
Create hunting rule
File size:201'728 bytes
First seen:2020-07-01 12:30:12 UTC
Last seen:2020-07-01 14:17:00 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 1d7b99e6842eab4a33a218b843735a7c (2 x Gozi)
ssdeep 3072:rF5o6DXz7mBe9L7TjAeIxgL0aZpaQS/EbXCCsycUD5qb+u4:x5o6vd7TUeCA/lDTND5
Threatray 678 similar samples on MalwareBazaar
TLSH 8914E122BA50D875C19B64789C36C7B51BA9BC649F70DC8372DA6F8F6F202C0D536642
Reporter JAMESWT_WT
Tags:dll Gozi Ursnif

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18244/
Detection(s):
SecuriteInfo.com.Generic.mg.4cc57d0967bdc89e.3165.UNOFFICIAL
Create hunting rule

Detection:
isfb
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f2f44eec27272e3c0005982960896ab57da9a745ab2d4a1249da3fc8eddfad30/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 12:32:04 UTC
File Type:
PE (Dll)
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6l2e53bhe4xdyaaftauwbclkwv62tj2fvmwuuesj3i74r3o7vuya._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1007538050a92f07d23ac2be6956f577fbfd459381415b40a3b53b794a6d5211
Gozi
346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4
Gozi
34fd926b213a1c5726124dff74dbf69c731f8e823168d17cc1c9448501ed314f
Gozi
54605638380151e63c23aa77cb6ecf309fb943eb9f7e4d96c1dce197c2bddf21
Gozi
77ded4f64eec0094fdfa843dfe4f36a559fbf8fa5c39fda7b63013def76ace7b
Gozi
8116f086d5b222ea6d3ac385bbc8f3a88c19f920435e1ba274a1f46702ab10a2
Gozi
d5b2b88dab809a7cc7688d6358c2b2d78b0f5278c72226f79673fce1bfe3aafa
Gozi
dc0df8f5ee0e898e069643a84cbc8154d6191f081665e245f1a9e2085028062f
Gozi
f53226476a8190fb69a366544e4f394e50e487c429977165a5efdd9e1dbec83e
Gozi
fb75efa8434d35a049d6608b6534df5c0716d33eb373f63cda5333796e16f1ec
Gozi
+ 668 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
banker trojan family:gozi_ifsb
Link:
https://tria.ge/reports/200701-56aw8ewrdj/
Behaviour
Checks whether UAC is enabled
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Checks whether UAC is enabled
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Gozi, Gozi IFSB
Gozi, Gozi IFSB
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/18244/

Comments