MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23b3a2baa530530acde54186c3d9f2ed3be74a9465a6417b2d266f18bdb9e070. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23b3a2baa530530acde54186c3d9f2ed3be74a9465a6417b2d266f18bdb9e070
SHA3-384 hash: f747dab40e907a5ce843f0ff23c75927cc2aa53a2280bb3443f8dcc5138c3a39a54c600a3a8ed2663de647abf8eaaa73
SHA1 hash: d6c971216173af40a89297885ccc3071516ef7ee
MD5 hash: 779550bcfef626e2f1f80dfd16dc3910
humanhash: fillet-vegan-xray-uranus
File name:SecuriteInfo.com.Variant.Graftor.770268.3805.22486
Download: download sample
Signature Gozi
Create hunting rule
File size:229'888 bytes
First seen:2020-07-21 00:46:35 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 87fc93cb54b57f245d75a270795c77aa (114 x Gozi, 1 x TrickBot)
ssdeep 3072:U6VYA6I0oElwS9ciW+eM+ppv2LHFBp6+7bUSrtB0J3B1rq46vqDyPIKpPLq/M:UWxXElK+Spv23wSlt6JR1YSDuImq/M
Threatray 785 similar samples on MalwareBazaar
TLSH 75248D0075848039E9BF02364A7ED668467CBD218BA1D9EBB7C84E4F5B390D27B31767
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/29470/
Detection(s):
SecuriteInfo.com.Variant.Graftor.770268.3805.22486.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/392152
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23b3a2baa530530acde54186c3d9f2ed3be74a9465a6417b2d266f18bdb9e070/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 00:48:21 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
gozi
Create hunting rule
Similar samples:
16820bf3fb6e0a8c9f4b5790fb5dfc8c835cf7c96c9bf44cc1b092b1a1849e9d
Gozi
3d321c9e2f63ea70c5701e85f766980a9e978e802907d1a4d8f0aee2ceb9e709
Gozi
3dc82a244461087be6a1a675c8afbe868fbe6ab8c5d9261f177cd0322b727ac9
Gozi
50c534de93fde3f578fc4b0a090a97673ff6c44e8ceb344c1b706a1bf523bb8e
Gozi
61b4fc40c6bb3a1902d799dfbc89b2c4c1aa0b7b06998a966ff57cf11a1ea138
Gozi
80fbe00737ff292a77c245496c72062d1a843e6caf698ac7deb2f00d31ea11f0
Gozi
86c4a0358f3fd1bf879f3cb043fe032cb24e86fe5f099183a15ab8776e88ee7e
Gozi
9ca52c7b92eb37c87f7e8519fb9e369643b0d21b313dc7efae65099889a4e962
Gozi
be4645b3f41904727a3c03d7374aabe7cc4573385579e34bb0c97358b7252083
Gozi
f925664a36fcddaf5c9d04ab3dab7f282eff2b6698279af6772bc41af6ca640a
Gozi
+ 775 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200721-6tlm5crnfj/
Behaviour
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23b3a2baa530530acde54186c3d9f2ed3be74a9465a6417b2d266f18bdb9e070

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/29470/

Comments