MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5f65108386662cc4780882e06928dd940ea6c75235bf8e4c09079e6e40045326. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Gozi
Vendor detections: 11
| SHA256 hash: | 5f65108386662cc4780882e06928dd940ea6c75235bf8e4c09079e6e40045326 |
|---|---|
| SHA3-384 hash: | 8b9b2b7952a161b68b7fb94e5bf66efa44948009e288856b4fc8d807992dc337785226dd302add4efa3c3eae8a7d23cb |
| SHA1 hash: | 90a17a059b290a2d5becbff3ec9fe4dabdfc06ae |
| MD5 hash: | d6d4942cd0282dbbb0e34276706e6bab |
| humanhash: | october-bravo-lake-south |
| File name: | register.jpg.dll |
| Download: | download sample |
| Signature | Gozi |
| File size: | 761'856 bytes |
| First seen: | 2021-04-26 12:47:47 UTC |
| Last seen: | 2021-04-30 14:49:15 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 6429c18a3abaea96e49f5b3f9ab317ee (1 x Gozi) |
| ssdeep | 12288:4GzKiFJSk5OWpk0KQlL7QQDprnF0xfHHlsTRRZC7Emy/Kt28nxub/lgkjK7l6kXC:9+iFJJ5OWpk0KQh8QD8uPZC7EojvkjKa |
| Threatray | 212 similar samples on MalwareBazaar |
| TLSH | C2F49C25B8C2C032E5A320384968E6F45BBDB4301B245BDB77CC2B3F9F716D156365AA |
| Reporter | |
| Tags: | dll geo Gozi isfb ITA Ursnif |
Intelligence
File Origin
# of uploads :
5
# of downloads :
367
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Ursnif
Result
Verdict:
Malware
Maliciousness:
Behaviour
Running batch commands
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Ursnif
Detection:
malicious
Classification:
troj
Score:
72 / 100
Signature
Found malware configuration
Sigma detected: Execute DLL with spoofed extension
Writes or reads registry keys via WMI
Writes registry values via WMI
Yara detected Ursnif
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Ursnif
Status:
Malicious
First seen:
2021-04-26 12:47:28 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
10 of 29 (34.48%)
Threat level:
5/5
Verdict:
malicious
Label(s):
gozi
Similar samples:
+ 202 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Score:
10/10
Tags:
family:gozi_ifsb botnet:7405 banker trojan
Behaviour
Suspicious use of WriteProcessMemory
Gozi, Gozi IFSB
Malware Config
C2 Extraction:
signin.microsoft.com
login.microsoft.com
linerstats.com
linerstats.bar
infeetic.co
login.microsoft.com
linerstats.com
linerstats.bar
infeetic.co
Unpacked files
SH256 hash:
d4761a0e3fed8527753cb78be297ed375f0c6f1904390ffc28af947e5ab614fb
MD5 hash:
81ff5d088bc6dbe72d0e7ff783806736
SHA1 hash:
6ac4a0722b4538b9465e9718e4da7d6f98bc3dc3
Detections:
win_isfb_auto
SH256 hash:
5f65108386662cc4780882e06928dd940ea6c75235bf8e4c09079e6e40045326
MD5 hash:
d6d4942cd0282dbbb0e34276706e6bab
SHA1 hash:
90a17a059b290a2d5becbff3ec9fe4dabdfc06ae
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0012.001] Anti-Static Analysis::Argument Obfuscation
1) [C0026.002] Data Micro-objective::XOR::Encode Data
3) [C0051] File System Micro-objective::Read File
4) [C0052] File System Micro-objective::Writes File
5) [C0007] Memory Micro-objective::Allocate Memory
6) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
7) [C0040] Process Micro-objective::Allocate Thread Local Storage
8) [C0017] Process Micro-objective::Create Process
9) [C0041] Process Micro-objective::Set Thread Local Storage Value
10) [C0018] Process Micro-objective::Terminate Process