MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54ce5aedb7cc073c481eb8af96f89f3ab11e5decaccf942d033479fd0f04c8b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 8



SHA256 hash: 54ce5aedb7cc073c481eb8af96f89f3ab11e5decaccf942d033479fd0f04c8b3
SHA3-384 hash: 87343e7e93473e4775e5a22e75041923ccf543e9da3c41e1b5b9586df86d17c9bb8ba09a1e06c97de220287fab76b184
SHA1 hash: c782b922dcc92b24dfd80f98d96b61df64f79f18
MD5 hash: 0b0f6ef1bb8553c3c47e9330781c0d03
humanhash: july-mike-shade-seventeen
File name: 60ed4ca406c9c.dll
Signature: Gozi
File size: 475'136 bytes
First seen: 2021-07-13 08:20:46 UTC
Last seen: 2021-07-13 13:01:11 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 788765b760ce779595743bf95647fa66 (1 x Gozi)
ssdeep: 6144:rX8S3Ph0GSlOfV+PtcULVIwEntdVPI/S1kqsaimUNwU4sAySl9Okt:78S3Ph0Gz86kIwEtkykqrSwUeySl9J
Threatray: 406 similar samples on MalwareBazaar
TLSH: T167A4AD007656F831D1E762324F55E6AE538934641B3448CF76E83F9F2FA91E36A3A342
Reporter: JAMESWT_WT
Tags: dll enel EnelEnergia geo Gozi isfb ITA Ursnif

Intelligence


File Origin
# of uploads: 3
# of downloads: 796
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 8 / 100
Behaviour
Behavior Graph: n/a

Result
Malware family: gozi_ifsb
Score: 10/10
Tags: family:gozi_ifsb botnet:8877 banker trojan
Behaviour
Suspicious use of WriteProcessMemory
Gozi, Gozi IFSB
Malware Config
C2 Extraction:
outlook.com
dronmakerparallel.email
moonlightparallels.email

Unpacked files

SHA256 hash: e3a3aa4c9c55241219cbcb1824617ec6523e5963aea4c9c59e2da29981fb9523
MD5 hash: 40292abe5a0a56a6aa27b16300ab69ec
SHA1 hash: b3ed08a5215b39f20dc3320f19cf49eefb57b62a
Detections: win_isfb_auto

SHA256 hash: 54ce5aedb7cc073c481eb8af96f89f3ab11e5decaccf942d033479fd0f04c8b3
MD5 hash: 0b0f6ef1bb8553c3c47e9330781c0d03
SHA1 hash: c782b922dcc92b24dfd80f98d96b61df64f79f18

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
