MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4655c0216538f752dea2ce1649807d597cd83a935f1385bdd8f418616de97b68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4655c0216538f752dea2ce1649807d597cd83a935f1385bdd8f418616de97b68
SHA3-384 hash: 2138fb04d8bab4fbf987b4520055e28771b3729c394f3dcf09e6d86e4cd96264f6c5e836dc2caabb38e325cbf30ce51c
SHA1 hash: 961e11114e1261425485eb085aed5f272a3cb5ca
MD5 hash: cf759a42178be39310e5949f505575fc
humanhash: artist-floor-lima-seven
File name:ffjyc3vu.exe
Download: download sample
Signature Gozi
Create hunting rule
File size:995'328 bytes
First seen:2020-05-18 14:24:07 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 704512abc7c784f4c8019e616d76ef81 (1 x Gozi)
ssdeep 24576:3u0pe/FqHHppnGHFJnP4MBqG4GG2xRCwgyGg5KHmN/:+me/UbOJPdB3G2xRCwg1g5KHs/
Threatray 80 similar samples on MalwareBazaar
TLSH EE256C00B680D038F4BB05F68E7D95AD552C7E604B6494CB72D8BECF6A36AE4AD31713
Reporter James_inthe_box
Tags:exe Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/4023/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Dridex
Create hunting rule
Status:
Malicious
First seen:
2020-05-18 14:23:32 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
dridex
Create hunting rule
gozi
Create hunting rule
Similar samples:
0a383870010db689605e8aac2fd1a9ad284558ef9eccc6d07bdc9dbbc573480f
Gozi
19042ea0e61783a3c281e3f02e0e2e2b07e9421bae0afeeae21febe450510f0c
Gozi
5ade0c4492ffe4b77776543635a5cad0eef6d4a207f69dac0a59f9ad76aa42ba
Gozi
75d79cd50c0f3def32be69db58e716d7094006636c8ff9479254ff34224d327e
Gozi
ab44ef41e492f3df1be566ddde081d666b3e9f55ee6f0f195fe0acd4d9701912
Gozi
d3e9f6933d519b6bd1514ceaaa14df64722214c0c6c2a60a6924c92f284b3c08
Gozi
d77234374d79b24022c26ecdd16a684ae7e94efba502422d74852b0eddd4f1b4
Gozi
e9880c5c608141c8ec12ce1a8d14652731583e4055f74ce2727afe8c3ea15cb6
Gozi
f32072d7d581e1a8d04c47b21dafadd58e3dccc3aa0188d7f95f6867944475e0
Gozi
fcd9abcb235ec7aea9a425394952653a57b44ba9233e934289d2b6892fac82b2
Gozi
+ 70 additional samples on MalwareBazaar
Result
Malware family:
dridex
Create hunting rule
Score:
  10/10
Tags:
family:dridex botnet discovery evasion loader trojan
Link:
https://tria.ge/reports/201109-7983rtwyta/
Behaviour
Suspicious use of WriteProcessMemory
Checks installed software on the system
Checks whether UAC is enabled
Blacklisted process makes network request
Dridex Loader
Dridex
Malware Config
C2 Extraction:
173.212.197.71:443
154.0.166.46:3074
185.4.132.226:4664
120.138.30.150:3389
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/4023/
Cape
Cape
https://www.capesandbox.com/analysis/4019/
Cape
Cape
https://www.capesandbox.com/analysis/3966/
Cape
Cape
https://www.capesandbox.com/analysis/3964/

Comments