MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53334b2b8901c9cfb03dfb61eee7fd5a86a15d3d5bcea947349fb7e9f991e5d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53334b2b8901c9cfb03dfb61eee7fd5a86a15d3d5bcea947349fb7e9f991e5d6
SHA3-384 hash: 3cd74449b57771ad880a48c5653e04048cd24ddcca479d5978785b15a1fc9352eb565cb940f27377ce0aec27602f45e2
SHA1 hash: 2f7684496d775e79626780b8d080ba914d4b853e
MD5 hash: 07b5a2d2e017298afbfa33aaff32cfe4
humanhash: missouri-river-eighteen-pennsylvania
File name:SecuriteInfo.com.Generic.mg.07b5a2d2e017298a.30519
Download: download sample
Signature Gozi
Create hunting rule
File size:518'656 bytes
First seen:2020-06-03 22:37:11 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 03d2bc599c55bd5b2fb46da82b90ff7c (8 x Gozi)
ssdeep 12288:v/4qkMxNyHaVbBvXA2odXPyig6SnbKcn1Skkps3FsAT:Imw2BvXAdXKMUyAT
Threatray 136 similar samples on MalwareBazaar
TLSH 6EB49E6237F80411F2BB4F3848F205119BFEBED5D978C69947C1229909EB290AB7C797
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

SecuriteInfo.com.Generic.mg.07b5a2d2e017298a.30519.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:52:03 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
16dd0142263b0ecdd025ec808a6bdd74277eee53c1d9d6c603aafe460f9431d1
Gozi
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
Gozi
624dc347ad3d5ec7699556183514164d575178edc25fa6cf82d6156fe8924f53
Gozi
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
Gozi
9aba8d09a3add66da1fb109075cfe60daf120e7513bc11b7a723634c4d14d859
Gozi
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
Gozi
ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2
Gozi
b35ad69768a7ce3db49edb414b855e06236cc9948616b055bd2503e83c2564e7
Gozi
c819184cbc9744c16063570200bea44d1eb2d7e99967b2e8153bd65634f883a2
Gozi
f0276fc95acef71224471aecf0450febfc4b35e8ee9a98d97ce3cf39c669dd33
Gozi
+ 126 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-k8s7wznd66/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments