MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bbf19f2ad9ac3f5a816b918e5a2523f40f182b4847ef5ac6daca66094eb36e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi
Vendor detections: 4


SHA256 hash: 4bbf19f2ad9ac3f5a816b918e5a2523f40f182b4847ef5ac6daca66094eb36e5
SHA3-384 hash: 23a578e215abe0366fda6665d3fe445a65f93a7f6b72ded1ac0296466040d9b271efd2b7c29bf417d19ac33cfa403757
SHA1 hash: 5731405d109454c1d055a183f4d2f37f6808efc5
MD5 hash: 1464222bfbb222169def2e7a165e48d4
humanhash: california-double-ceiling-papa
File name: cennc284.exe_
Signature: Gozi
File size: 248'320 bytes
First seen: 2020-05-28 14:49:25 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 1f307c5bb3d1ce990c843ef4a06f0ce2 (3 x Gozi)
ssdeep: 3072:Pv/gUdIsnvszOXtnulCYesa7sTph2ludA0X0GCjnV1H3BWXXY/PAJE8:PvIW0admR8APhkfW4p
Threatray: 713 similar samples on MalwareBazaar
TLSH: C334C0353A90C5B2C16B0BBC8CA7D1F949B57C148E30529B36D58FAF3B2338615B4B5A
Reporter: oppimaniac
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-05-28 15:01:31 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:valak Loader
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments