MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4069689f46e160bb37d2fed931b8aa255f1cc8df5161ae0f5ed67c6bc3ce545d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 4

SHA256 hash: 4069689f46e160bb37d2fed931b8aa255f1cc8df5161ae0f5ed67c6bc3ce545d
SHA3-384 hash: 416bcd6f0eca4697000ef0c13541892ad15c602b54e3113328efce8f8baf5f91a41a6c99d38aa482459fcc32de362bee
SHA1 hash: 8270c4098810834cf01a14e38c81054bf98cccef
MD5 hash: 0274a7ca31ebac9b62ec63a06260407a
humanhash: ohio-shade-sierra-nine
File name: haao15.cab.exe_
Signature: Gozi
File size: 248'320 bytes
First seen: 2020-05-29 09:14:09 UTC
Last seen: 2020-05-29 09:57:07 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 1f307c5bb3d1ce990c843ef4a06f0ce2 (3 x Gozi)
ssdeep: 3072:Pv/gUdIsnvszOXtnulCYesa7sTph2luGA0X0GCjnV1H3BWXXY/PAJE8:PvIW0admR8AIhkfW4p
Threatray: 713 similar samples on MalwareBazaar
TLSH: FF34C0353A90C5B2C16B0BBC8CA7D1F949B57C148E30529B36D58FAF3B2338615B4B5A
Reporter: oppimaniac
Tags: Gozi

Intelligence

File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-05-29 09:36:01 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 48 (45.83%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:valak Loader
Behaviour:
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments