MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 3

SHA256 hash: fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306
SHA3-384 hash: 1ccf16b3cb57e47d7e84ef5987b573891e8a99239267be8f48a8fcb7c331186e0cb4221fd727fec54ac085980537cf53
SHA1 hash: 3797c53fc81d27f6e4ef041323bb6c8d38888b88
MD5 hash: 2fa4f74d7a863c65769becdb7e81a752
humanhash: table-timing-mississippi-high
File name: z.dll
Signature: Gozi
File size: 417'792 bytes
First seen: 2020-04-21 16:40:35 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 857597d7f91b79af71673c41e47d9d6a (1 x Gozi)
ssdeep: 6144:h2vdxNKnn0QISXmWErw+MIXLb/fCGu4GxhvXbbuOK:sdxNKnn01HWE0jIXf/6z4GvTb
Threatray: 45 similar samples on MalwareBazaar
TLSH: D794BE16FED6D5D0F438447ACE18C1FC1A9A3C86DEB154AB7BE07F8FBAB12A55210520
Reporter: abuse_ch
Tags: dll Gozi ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zloader
Status: Malicious
First seen: 2020-04-21 17:35:32 UTC
File Type: PE (Dll)
Extracted files: 7
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Malware family | File
Web download | Gozi | DLL dll fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306 (this sample)

Delivery method: Distributed via web download

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::GetStartupInfoA, KERNEL32.dll::GetCommandLineA
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryA, KERNEL32.dll::DeleteFileA, KERNEL32.dll::GetSystemDirectoryA
