MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75d79cd50c0f3def32be69db58e716d7094006636c8ff9479254ff34224d327e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 4

SHA256 hash: 75d79cd50c0f3def32be69db58e716d7094006636c8ff9479254ff34224d327e
SHA3-384 hash: af3ad3a349b1e4d090ec7c17e4549b75fe8f280741af38572fb399fbba7f3872ce30801bc8ac9a60177dee722faf0e01
SHA1 hash: a05da9a0d7ede834cc3bcf8fcd6ff2f0d28f53e7
MD5 hash: bd454b6e19e5611e955fdbebde71397a
humanhash: edward-equal-kilo-cup
File name: 065367.dll
Signature: Gozi
File size: 540'672 bytes
First seen: 2020-05-20 12:50:20 UTC
Last seen: 2020-05-20 15:26:52 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: dd5fb714f09210a35ea3394e4bff4a4b (1 x Gozi)
ssdeep: 12288:B3jDHMWHGwghWhE0u4o6c1444pu61hdWabdhu:Vjmw960u36MZ4wad
Threatray: 69 similar samples on MalwareBazaar
TLSH: 76B47B22B441D13AE57E383CDC12D6FD9599BC19DF625687FBD43FAF3A316818A24202
Reporter: abuse_ch
Tags: dll Dridex Gozi


abuse_ch
Dridex payload URL:
https://patostpc.com/?

Intelligence


File Origin
# of uploads: 2
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Dridex
Status: Malicious
First seen: 2020-05-20 13:35:41 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 23 of 48 (47.92%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:dridex botnet loader

Behaviour
Suspicious use of WriteProcessMemory
Dridex Loader
Dridex

Malware Config
C2 Extraction:
144.217.77.38:443
107.170.146.252:4664
142.93.181.37:981
104.168.172.176:4443

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Gozi

DLL dll 75d79cd50c0f3def32be69db58e716d7094006636c8ff9479254ff34224d327e (this sample)

Delivery method: Distributed via web download

Comments