MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33a254d82ed46fb2c38d0ae52dbefb012fb3b9e61e7cd8ebb5f0163e4a635a3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gozi
Vendor detections: 3



SHA256 hash: 33a254d82ed46fb2c38d0ae52dbefb012fb3b9e61e7cd8ebb5f0163e4a635a3e
SHA3-384 hash: 261e167f68a67bc6fddc8e1aabf533919948ef66e1027b764dace4fa54cb2b886297c83a91f6e7987b6e26e07913cffb
SHA1 hash: a91f9eff5b15f25be0d2048d5c1773efe59d8c14
MD5 hash: 59e55f3cadc5e9b2755b1a27936f2836
humanhash: edward-six-montana-cardinal
File name: 59e55f3cadc5e9b2755b1a27936f2836.dll
Signature: Gozi
File size: 144'384 bytes
First seen: 2020-07-15 16:11:45 UTC
Last seen: 2020-07-15 17:06:30 UTC
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 01e959959a9d2aa736034c1c52b0b2ae (2 x IcedID, 1 x Gozi)
ssdeep: 3072:59f/ubctSGW7qyrIvTH2u38RCQzF+K2WWaIrExRMJd:5I4k57ZrIrWu38fp2WUFJd
Threatray: 841 similar samples on MalwareBazaar
TLSH: 8CE3AF017A81D472E6BF1D390974E675073D3D20EBA48EAB77C42A7A5E700D0AE35E27
Reporter: abuse_ch
Tags: dll, Gozi

Intelligence

File Origin
# of uploads: 2
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  DNS request
  Sending a custom TCP request

Result
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-07-15 16:13:04 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Modifies system certificate store
  Suspicious use of WriteProcessMemory
  Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Signature: Gozi
File type: DLL (dll)
SHA256: 33a254d82ed46fb2c38d0ae52dbefb012fb3b9e61e7cd8ebb5f0163e4a635a3e (this sample)
Delivery method: Distributed via web download

Comments