MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 171c18f740641ffc0e1ce486feacabb367292d01627a7103cd614e9a746a9b9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 11
SHA256 hash: 171c18f740641ffc0e1ce486feacabb367292d01627a7103cd614e9a746a9b9c
SHA3-384 hash: 79d7c9d9d6f8ef8fed41e10ce495c8cdc88fa0e7520882101c4392faf9a1f756b5ffc7a7040280e606909cf7ccd025d9
SHA1 hash: 462199537e90680d68d8ef75aa44ed81e90067e0
MD5 hash: 9f0a6d9aafadb96a71a49e83c981c7b8
humanhash: cat-edward-arizona-idaho
File name: 171.dll
Signature: Gozi
File size: 464'896 bytes
First seen: 2021-07-14 13:37:23 UTC
Last seen: 2021-07-14 15:07:55 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 00fb3ea211c64833592a3bd90c60f939 (1 x Gozi)
ssdeep: 12288:0zpGlmmfZ9mro1S+FUUEMK/WEOEX9V11yS:qAZfLm01S2EMYOk71
Threatray: 428 similar samples on MalwareBazaar
TLSH: T1E8A4AD103650E831C6D6A2314F21D6F4176937B01B7054CF76E87EAF2F6A5E32A3A34A
Reporter: 0x746f6d6669
Tags: dll, Gozi

Intelligence

File Origin
# of uploads: 2
# of downloads: 266
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 448648; sample 171.dll; start date 14/07/2021; architecture WINDOWS; score 48); the graph image itself is not reproduced here. Signature shown: Multi AV Scanner detection for submitted file. Process tree: loaddll32.exe started cmd.exe, two instances of rundll32.exe and 2 other processes; cmd.exe in turn started rundll32.exe.
Threat name: Win32.Trojan.BankerX
Status: Malicious
First seen: 2021-07-14 01:13:28 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Result
Malware family: gozi_ifsb
Score: 10/10
Tags: family:gozi_ifsb botnet:8877 banker trojan
Behaviour:
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Gozi, Gozi IFSB
Malware Config
C2 Extraction:
outlook.com
dronmakerparallel.email
moonlightparallels.email
Unpacked files
SHA256 hash: 72e97f0cb18c4c7efd042107af1934ceca4f583a1c3706e0b4ccb64b3123cae8
MD5 hash: 60f7e179881ba8d32f14a7e4b727311e
SHA1 hash: 96db7c59e3b7d69b6c304e3983c7a23aa5180d66
Detections: win_isfb_auto

SHA256 hash: 171c18f740641ffc0e1ce486feacabb367292d01627a7103cd614e9a746a9b9c
MD5 hash: 9f0a6d9aafadb96a71a49e83c981c7b8
SHA1 hash: 462199537e90680d68d8ef75aa44ed81e90067e0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Comments