MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 302b22ef958f04eeef47eaef2fe2d2fd062a17c16683ec8f2cf0b899f19c2acb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 302b22ef958f04eeef47eaef2fe2d2fd062a17c16683ec8f2cf0b899f19c2acb
SHA3-384 hash: 4aeb95acf85ff5d72b29340dccc476b9014db09f61531a16cfbeb05062272650d17a48855a6aad679619320d1e9bfc1e
SHA1 hash: 1c72b2c43959c95ba03e91de78b74ae87b609581
MD5 hash: 860887eda7f501ae0eb217d141e6a3e9
humanhash: chicken-freddie-london-kilo
File name:sample.exe
Download: download sample
Signature Gozi
Create hunting rule
File size:192'512 bytes
First seen:2020-03-30 19:34:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f60b5dab250da4b59c6a8923f6906f87 (1 x Gozi)
ssdeep 3072:kJq/4ppTq9xAkLG3uGN8D3Wx78HA6RO3f1cHr7IE0IVvsLexyHwIC2y:kJPTqDAkAuGK+7mA6RO3Ctf
Threatray 667 similar samples on MalwareBazaar
TLSH 33148D2236D1C0B3D067003A49D5D369E3BAFB708FB64A577BD51B4E2E744AA8639343
Reporter James_inthe_box
Tags:exe Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.19729.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kgmhmap
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 19:34:21 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
emotet
Create hunting rule
gozi
Create hunting rule
Similar samples:
08f3b51c8493c5ed8948ab35c956a465e0043094248d2f27a5d8fa9a696e3cbf
Gozi
278593e60722d691fe1b23b22cab15294662bbd2ef8ca1ba8e80ca78e872a813
Gozi
3700f2c5fe27c80e41984b2a55f236655a09f0781c05b265bccb26165318d78a
Gozi
39c531db99d46a4b3906a41e6e1afdb2523106c795b11eecaf75bc3a1fbff57b
Gozi
5bd66c88148005029d20c92e1d793f8d41f47a273a9334f9a85ec31148d0b040
Gozi
8d1b83eff1b3c604365fd29de1bb43204852de842c0bb148975fe7a7485310e4
Gozi
927a8d1445750400db3850d0b2dc3522b0f373098385373efa3d7762120f3689
Gozi
aea1d064fb75706dd261f1097f91574050216410ce840e9c7523c46aca53c5f9
Gozi
e94e31beaf1c2a6c24f0973a621c8715faf91a18e8c7acdab8a832021c7ce5f5
Gozi
f3ba5d0b27ff406dcd1c624aee919f394d231b878f040ec23e36c7f0cf81df99
Gozi
+ 657 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetDiskFreeSpaceA
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleA
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileA
VERSION.dll::GetFileVersionInfoSizeA
VERSION.dll::GetFileVersionInfoA
WIN_USER_APIPerforms GUI ActionsUSER32.dll::PeekMessageA
USER32.dll::CreateWindowExA

Comments