MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a72302c1e76b436da9f0e37941a6e3c1f9921a54bc0bf78d7fe90cf876a6516. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 7



SHA256 hash: 2a72302c1e76b436da9f0e37941a6e3c1f9921a54bc0bf78d7fe90cf876a6516
SHA3-384 hash: 310c5e2e0b167722e4ffbe97b1dba63e273ec1f32ea195c4f9805ab8de872039f7932d3211b3c8e73a9a81b254ea951c
SHA1 hash: 2c65dc7c21c73a1be40ba9d07ac8939b03218acf
MD5 hash: d771a73b5dcc5ce0bde8b9b86b03fc35
humanhash: pennsylvania-nuts-foxtrot-uranus
File name: RIMESSA_CASSEGNI03016023_3764.js
Signature: Gozi
File size: 6'989'246 bytes
First seen: 2023-03-16 09:47:09 UTC
Last seen: 2023-11-11 16:46:53 UTC
File type: JavaScript (JS) js
MIME type: text/plain
ssdeep: 49152:KWq5MkvoBraFUkvoBraFUkvoBraFlgOQBrg6M9p9Uo8E+6PekIPwaAhtgXdEkIPH:Q
TLSH: T1A06612498B134EECE9981E9C14F91ED81AE83D733964EDE59C3F304349326A520B796F
Reporter: JAMESWT_WT
Tags: GLS Gozi italy js Ursnif

Intelligence


File Origin
# of uploads: 3
# of downloads: 292
Origin country: IT
Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature:
Creates processes via WMI
JavaScript file contains suspicious strings
System process connects to network (likely due to code injection or exploit)

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour:
Modifies system certificate store
Blocklisted process makes network request
Process spawned unexpected child process

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments