MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5657bb527b62a7a83fb6542f2f80f50d0574dfa0b26a26ff26deb9029687b19a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 10

SHA256 hash: 5657bb527b62a7a83fb6542f2f80f50d0574dfa0b26a26ff26deb9029687b19a
SHA3-384 hash: 8fadb6b10ef5fbe356338476a7b27fc52084ea1ac57cfb38603069e26fb28d3c5d1512a012fae08840bd2baaf7248359
SHA1 hash: b74a83fff39fe91097e502ae214e8e9ce998e4b1
MD5 hash: 242ca0c987f3b4ab2083131df6435527
humanhash: zebra-orange-avocado-lima
File name: 61485efd6621c.dll
Signature: Gozi
File size: 401'408 bytes
First seen: 2021-09-20 10:15:08 UTC
Last seen: 2021-09-20 11:07:56 UTC
File type: dll
MIME type: application/x-dosexec
imphash: 24875872bfb48e43a35582603ed00a70 (1 x Gozi)
ssdeep: 6144:M3XNL4UBjlWzkeFxH3+umm6M0luIbNlPo5EbpB0q4Rw3SBe4+R8Slg5LL:a9rjlWznxXvmhM0lugA4vqRw19mR5
Threatray: 2'083 similar samples on MalwareBazaar
TLSH: T10284DF2BBED3D075C82D44B5C891DCE23678B846AD68C6937AD83F3F19B30816D9A14D
Reporter: JAMESWT_WT
Tags: brt, dll, Gozi, isfb, Ursnif

Intelligence

File Origin
# of uploads: 2
# of downloads: 931
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 486349, sample 61485efd6621c.dll, start date 20/09/2021, architecture WINDOWS, score 48; graph image not extracted):
Signature: Multi AV Scanner detection for submitted file
Process tree: loaddll32.exe -> cmd.exe, rundll32.exe, rundll32.exe, 6 other processes; cmd.exe -> rundll32.exe
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2021-09-20 10:16:06 UTC
AV detection: 21 of 45 (46.67%)
Threat level: 5/5
Result
Malware family: gozi_ifsb
Score: 10/10
Tags: family:gozi_ifsb botnet:8877 banker trojan
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Gozi, Gozi IFSB
Malware Config
C2 Extraction:
outlook.com
jkdoiloooooo1.nl
nkdlooooalksloooo.nl
Unpacked files
SHA256 hash: 69c5ada89b824bb0a3392e94a03a206b88aba2479eb5b6db16249bbd9f777f32
MD5 hash: fdae235cac0df4b642023096bcbc1f8c
SHA1 hash: b181358c72f431a631cf682a62e85031cdf1b4f8
Detections: win_isfb_auto
SHA256 hash: 5657bb527b62a7a83fb6542f2f80f50d0574dfa0b26a26ff26deb9029687b19a
MD5 hash: 242ca0c987f3b4ab2083131df6435527
SHA1 hash: b74a83fff39fe91097e502ae214e8e9ce998e4b1
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments