MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73926cf57488263db6454fecf95436c25aa581ad1c353c135dc3d8e258be2f8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: 73926cf57488263db6454fecf95436c25aa581ad1c353c135dc3d8e258be2f8d
SHA3-384 hash: 910beca365cc369e903c3f07917de8b95bc697aa9a4480455f2db81c1536e173ac8fff70e4bde36adf62c811c5a39ea1
SHA1 hash: 1e9c18f525811890a4c1547e6a66d96becea3820
MD5 hash: 7e040ce0f485ca329566e5b91b4644d2
humanhash: november-arkansas-stream-timing
File name: haao15.cab
Signature: Gozi
File size: 248'320 bytes
First seen: 2020-06-04 20:09:43 UTC
Last seen: Never
File type: dll
MIME type: application/x-dosexec
imphash: 1f307c5bb3d1ce990c843ef4a06f0ce2 (3 x Gozi)
ssdeep: 3072:Pv/gUdIsnvszOXtnulCYesa7sTph2lunA0X0GCjnV1H3BWXXY/PAJE8:PvIW0admR8A5hkfW4p
Threatray: 723 similar samples on MalwareBazaar
TLSH: 7D34C0353A90C5B2C16B0BBC8CA7D1F949B57C148E30529B36D58FAF3B2338615B4B5A
Reporter: Jacob_Pimental
Tags: Gozi Valak

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'837
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2020-05-29 21:06:10 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:valak Loader
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Gozi: dll 73926cf57488263db6454fecf95436c25aa581ad1c353c135dc3d8e258be2f8d (this sample)
Delivery method: Distributed via web download
