MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3
SHA3-384 hash:	22e677a58e2425876bc18aedc3b45bbeeae265cfeed8c9f3808539afc6e8554581085750865f125d8a8b69a6b9fa4bea
SHA1 hash:	57dc02ee611be43ec738078e299e5cdcea09f657
MD5 hash:	6935d182ce55cf157cadfbf25022b9fc
humanhash:	four-jupiter-don-lion
File name:	lxoyw10bipu03ilyig.com_index.gif
Download:	download sample
Signature	Gozi Create hunting rule
File size:	566'272 bytes
First seen:	2021-03-11 18:50:42 UTC
Last seen:	2021-03-12 14:37:47 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	ee77000454a2c4bbfba983e823f6fb9e (1 x Gozi)
ssdeep	12288:snbTNeyvnLZMcNgZnhgRNgpUHhBV3Iq74J:sXNeeRxj
Threatray	4 similar samples on MalwareBazaar
TLSH	13C45C92B694C6A6D4544132D8A3CBF62628FD6BDAD40C9735D43E0FFC322D2253AF19
Reporter	lazyactivist192
Tags:	dll Gozi isfb tr

Intelligence

File Origin

# of uploads :

2

# of downloads :

232

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

lxoyw10bipu03ilyig.com_index.gif

Verdict:

No threats detected

Analysis date:

2021-03-11 18:53:56 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/095a8825-f39b-4781-85b8-8cc608e59f14

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Ursnif3

Link:

https://www.capesandbox.com/analysis/123866/

Detection(s):

SecuriteInfo.com.Trojan.Win32.Save.a.22159.31105.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/637256

Signature

Machine Learning detection for sample

PE file has nameless sections

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3/

Threat name:

Win32.Trojan.Malrep

Status:

Malicious

First seen:

2021-03-11 18:51:06 UTC

AV detection:

12 of 28 (42.86%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

2bfa88a5c855f4d24139d5d9c556cfbdb05a5a68b23a528ae53226d526dc4e7d

9ef6c5467fd80274e6a37e2883a5e83a894cf2148ce37bf0adb1e884acbc4c0b

ca3408df31dc066d6ec4feea0388ca8d0cf5d35393bd5a6f1979b9af590f7615

ff69d250cc705f583350967cc8956786e198d2ab5cbaa6e19fc63b1e2a208ac7

Result

Malware family:

gozi_ifsb

Score:

10/10

Tags:

family:gozi_ifsb botnet:5566 banker trojan

Link:

https://tria.ge/reports/210311-xjb8axpn42/

Behaviour

Suspicious use of WriteProcessMemory

Gozi, Gozi IFSB

Malware Config

C2 Extraction:

bing.com
update4.microsoft.com
fdjjasdoeoriefjd.live
paralikulat.website

Unpacked files

SH256 hash:

220f635b3a747e133170eb0dbf2c63c91646b460f4315498a31a176498ca215b

MD5 hash:

4df4258bb725b92568e441970439dff5

SHA1 hash:

8673bd2ab0eb5e60a787c0b75c5b6baeda4cec91

Detections:

win_isfb_auto

Link:

https://www.unpac.me/results/c4808b4d-7b13-486c-80cc-45c9c61ac05f/

Parent samples :

5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3
632532e4c584dbacddc365e46d2ce8b219f1f6433ac8dc6d51dc7a29a1a36d35
a67282c6f37a82765eeadefaf4245a2dacba3f6def9c5bf8460e01e38cfff70c
312a9a4de6d94deacc421063457c830453499c5848ec6c0aefc388c530cfb8f3
46eeef418745fe61c1c5bdf6f828339a5cabc45215fe961a9ce235360dc65f3a
2669050ec7f2d8f1def908e09030bc6a0fafcff4ed60c9254f40425a6fb1f887

SH256 hash:

5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3

MD5 hash:

6935d182ce55cf157cadfbf25022b9fc

SHA1 hash:

57dc02ee611be43ec738078e299e5cdcea09f657

Link:

https://www.unpac.me/results/c4808b4d-7b13-486c-80cc-45c9c61ac05f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5833c87bcb55898337f74a84402e525cab70a611276e3e2faa9e880ff4059ba3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/123866/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample