MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35dc29c0132f1684fc8ed518f98d959bd982ef058b3ba24d8a23ea1507452621. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 35dc29c0132f1684fc8ed518f98d959bd982ef058b3ba24d8a23ea1507452621
SHA3-384 hash: 396beba2e35652a074bbeaeff328b0d3e06b797d6e6f2197e6bfa5e4c8777f907379ffb4660502d7e7554636ef66075c
SHA1 hash: 895ec4c17b534324b63098d5c8d29e2c4dcc743c
MD5 hash: 531bfea83204df3fab21f07a9751bcb7
humanhash: pennsylvania-sierra-video-beer
File name:iec56w4ibovnb4wc.onion_Library__GoziGroup__KRKeMaIts.exe_.exe.malw
Download: download sample
Signature Gozi
Create hunting rule
File size:398'528 bytes
First seen:2020-03-18 22:12:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c958c88156ebb6ca95a073dd1e6f0d5 (1 x Gozi)
ssdeep 3072:6d9/aI5Tfnk061mO9PWBBHq38k73JPcoIqzk9aETK0/SryFoWiYc+/vcbef50JUJ:63z9HGAbk7F509pb9
Threatray 1'011 similar samples on MalwareBazaar
TLSH C7847A91E148ACE9D41711BE9C3EF911181A7F8944B5D6093A3E7F1A7FF338224A6D0E
Reporter ov3rflow1
Tags:Gozi malw

Code Signing Certificate

Organisation:COMODO SHA-1 Time Stamping Signer
Issuer:UTN-USERFirst-Object
Algorithm:sha1WithRSAEncryption
Valid from:Dec 31 00:00:00 2015 GMT
Valid to:Jul 9 18:40:36 2019 GMT
Serial number: 1688F039255E638E69143907E6330B
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: DF5AA7FAC68D7B0ABF52C404CB0587BE2670D4BD8A289691043F5BE17FC65373
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Gozi.316.8888.7703.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Emotet
Create hunting rule
Status:
Malicious
First seen:
2018-07-31 01:05:40 UTC
File Type:
PE (Exe)
Extracted files:
11
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
dridex
Create hunting rule
emotet
Create hunting rule
Similar samples:
1c359f210df80175b3fe8205db122f9380bbf4fcf2eabfc10c98a32d79e21c44
Gozi
278e368f49b3dc5e72eb5c81abc8b379167ab4a1ef282c61485dccd5cbd12b8d
Gozi
2b648f76aaae28bfbe8e9e4be3db323aefd3933a60ad6ec4d1847b78d8282a3f
Gozi
30c57f5803c861c2d36fc003f855ee9857e4aebc864be6b9f898176f93e3cbd3
Gozi
3c1ce75269219a15d338a103c5e5baf8629438d062474a7c11e3792fdcabdf06
Gozi
99146cd4d31df0f8f76aab7a7f78992140ead8d7ff847b9c56707335d81d96e4
Gozi
9ee6e02a3e8070a4d501f7033f54d17781d2d4f43bf3b0717e15d63a1fa2e145
Gozi
b3080e3dea927ae5c6d02fad35de244bf93c1d2594ad0d8cfb3900aaaa014f30
Gozi
f6e897ad1b6e528be9e2caa9cb1ad48d451b354681636e160cc4e9c7a0c6ab43
Gozi
f6fc7442449ac48b039f5e29230bd26383b62bee2a050f5e81553755b69e6f25
Gozi
+ 1'001 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/35dc29c0132f1684fc8ed518f98d959bd982ef058b3ba24d8a23ea1507452621

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/36950/
  
URLhaus
https://urlhaus.abuse.ch/url/95554/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryA

Comments