MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f37c2f248055cb841d03dfdf70260f3b16723476c4dde4c73e3fcca8e33f9c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 3

SHA256 hash: 1f37c2f248055cb841d03dfdf70260f3b16723476c4dde4c73e3fcca8e33f9c3
SHA3-384 hash: 584c7565ab3a3a38cbe6551495beaa76a9a8e90a2e4fc7e139f3f68bc35054c55e91080c1a61770842274616d584354a
SHA1 hash: 1c3bd35dd430c10a4dd2e188ebad12cc85b6fa63
MD5 hash: 78d273e063049f495d057ba68aa46338
humanhash: pluto-earth-alabama-carolina
File name: acrord32.dll
Signature: Gozi
File size: 313'856 bytes
First seen: 2020-04-22 13:02:50 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 01e923b88bbf8874d1a48732f2e619bb (1 x Gozi)
ssdeep: 6144:98N8Nsk2wmMtAH6xX5F2G2z/wbca+kO2:9EhkcMtA05F2G2zIxY
Threatray: 82 similar samples on MalwareBazaar
TLSH: A664CF017AA0DA68D465687AEE1CC4FD194A3C50DEB098573EF2BF4F3B757E19226302
Reporter: abuse_ch
Tags: dll, Dridex, Gozi

Intelligence

File Origin
# of uploads: 1
# of downloads: 120
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-04-22 13:35:32 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

Note that the vendor threat name (Win32.Trojan.Cridex) and the Dridex tag on this entry do not agree with the Gozi signature, so the family attribution for this sample is not consistent across sources; match on the hashes, imphash, ssdeep and TLSH values above rather than on the family label.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | Gozi | DLL 1f37c2f248055cb841d03dfdf70260f3b16723476c4dde4c73e3fcca8e33f9c3 (this sample)

Delivery method: Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::GetStartupInfoA, KERNEL32.dll::GetCommandLineA
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::GetWindowsDirectoryA

The capability labels are coarse: the only evidence listed for "Can Create Files" is GetWindowsDirectoryA, which resolves a path rather than creating a file, and the presence of LoadLibraryA in the import table means the static imports understate what the DLL can reach at run time.
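As an added illustration (written for this page, not BLint's own code), the script below reads the PE header fields that the three findings above are derived from. It assumes CHECK_NX corresponds to the NX_COMPAT bit and CHECK_PIE to the DYNAMIC_BASE bit of DllCharacteristics, and CHECK_AUTHENTICODE to an empty security data directory; the finding IDs and severities are reused from the table above, while the function names and the minimal PE header used as input are this example's own constructions, not the sample itself.

```python
import struct

# PE constants (from the PE/COFF specification)
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
DLLCHAR_HIGH_ENTROPY_VA = 0x0020
DLLCHAR_DYNAMIC_BASE = 0x0040
DLLCHAR_NX_COMPAT = 0x0100
DLLCHAR_GUARD_CF = 0x4000
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: embedded Authenticode blob


def check_pe_hardening(data: bytes) -> dict:
    """Parse the PE headers of `data` and report the hardening flags that
    BLint-style checks rely on. Only headers are read; nothing is loaded."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        datadir_off = 96   # data directories start here in a PE32 optional header
    elif magic == PE32PLUS_MAGIC:
        datadir_off = 112  # and here in PE32+ (64-bit ImageBase, stack/heap fields)
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (dllchars,) = struct.unpack_from("<H", data, opt + 70)
    sec_rva, sec_size = struct.unpack_from(
        "<II", data, opt + datadir_off + SECURITY_DIR_INDEX * 8)
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "nx": bool(dllchars & DLLCHAR_NX_COMPAT),
        "aslr": bool(dllchars & DLLCHAR_DYNAMIC_BASE),
        "high_entropy_va": bool(dllchars & DLLCHAR_HIGH_ENTROPY_VA),
        "cfg": bool(dllchars & DLLCHAR_GUARD_CF),
        # A non-empty security directory only means a signature blob is embedded;
        # it says nothing about whether that signature is valid or trusted.
        "authenticode": sec_size != 0,
    }


def blint_style_findings(props: dict) -> list:
    """Map the parsed flags onto the finding IDs and severities shown on this page."""
    findings = []
    if not props["authenticode"]:
        findings.append(("CHECK_AUTHENTICODE", "high"))
    if not props["nx"]:
        findings.append(("CHECK_NX", "critical"))
    if not props["aslr"]:
        findings.append(("CHECK_PIE", "high"))
    return findings


def build_minimal_pe(dll_characteristics: int, cert_size: int = 0,
                     pe32plus: bool = False) -> bytes:
    """Constructed test input: a minimal PE header (not a loadable image) so the
    checker can be exercised offline without the real sample."""
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0,
                       opt_size, IMAGE_FILE_DLL | IMAGE_FILE_EXECUTABLE_IMAGE)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    datadir_off = 112 if pe32plus else 96
    struct.pack_into("<II", opt, datadir_off + SECURITY_DIR_INDEX * 8,
                     0x1000 if cert_size else 0, cert_size)
    return dos_header + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    weak = build_minimal_pe(0)  # no NX_COMPAT, no DYNAMIC_BASE, no signature
    hardened = build_minimal_pe(
        DLLCHAR_NX_COMPAT | DLLCHAR_DYNAMIC_BASE | DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_GUARD_CF,
        cert_size=0x800, pe32plus=True)
    for name, sample in (("weak", weak), ("hardened", hardened)):
        props = check_pe_hardening(sample)
        print(name, props, blint_style_findings(props))
```

To run it against a real file, pass `open(path, "rb").read()` to `check_pe_hardening`. Two caveats apply when reading the result: DYNAMIC_BASE only yields relocation at load time if the image still carries its relocation data (a binary with IMAGE_FILE_RELOCS_STRIPPED set cannot be rebased), and the "authenticode" field is a presence check only; validating the signature chain is a separate step.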
