MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 054ff4620aaa40928ca67a2c364bedf71d79672874d75ba50ff8231069ad74d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 6



SHA256 hash: 054ff4620aaa40928ca67a2c364bedf71d79672874d75ba50ff8231069ad74d9
SHA3-384 hash: cd9fd8ea8aaeb16e7700fd85922a087a033bb76e8e8c20767cf8df4dcc399cee715814a21cb33b03df07fbfe5028b6c6
SHA1 hash: f0acf0b669505bed5bd7fcb7f32c88c08e7de76b
MD5 hash: a52a1e151bf4b993efcff87b3780d731
humanhash: pennsylvania-bulldog-lamp-pasta
File name: ranec11.cab
Signature: Gozi
File size: 304'640 bytes
First seen: 2020-08-21 21:32:21 UTC
Last seen: 2020-09-20 04:45:00 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 25bf277adf57e84dedc8c12c78c29f36 (1 x Gozi)
ssdeep: 6144:ULdSq++cF0NsjJ8AbcHf97Qv680yDI6S6zIu+vGAOv9IjF:Ux+qNs1dbctQveyDou+vGxAF
Threatray: 355 similar samples on MalwareBazaar
TLSH: 54549E21BDC2C575C97E08701E64C3A50E7C7CF01DAECD6B578DB92A8E729818A24F76
Reporter: malware_traffic
Tags: dll Gozi IcedID Shathak TA551

Intelligence


File Origin
Number of uploads: 3
Number of downloads: 161
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Result
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-08-21 21:34:06 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments