MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 77e706f98b1e4fe48a4a1631b27529dc587aeab2d187322439d3b5a726da2f80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Gozi
Vendor detections: 11
| SHA256 hash: | 77e706f98b1e4fe48a4a1631b27529dc587aeab2d187322439d3b5a726da2f80 |
|---|---|
| SHA3-384 hash: | 80937244b51539b6d4bca4878adfc369f223386cb1a99b69b0b11ab9354db23bfbf843326e99ee7ec0e1781570ca479a |
| SHA1 hash: | d5e5510107e6f85a0603f7d5058eff5c0f887c38 |
| MD5 hash: | a185444ff58e6261abff03fa320a6fa6 |
| humanhash: | fruit-stream-edward-papa |
| File name: | racial.drc |
| Download: | download sample |
| Signature | Gozi |
| File size: | 527'872 bytes |
| First seen: | 2021-06-03 18:28:31 UTC |
| Last seen: | 2021-06-03 19:48:59 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 3bfdfe7fdedde57f8d113c7e630bd750 (26 x Gozi) |
| ssdeep | 12288:Y43cTGrLptoCKEV76KDpMGPaISTcN9saAvVqW6mZuzuJPjX7R75:vz75tzST8ANq8 |
| Threatray | 320 similar samples on MalwareBazaar |
| TLSH | 07B4D000B682F976C02549399F96F5E4471CBC144F691A9B32C86FAF6F3E18305397AB |
| Reporter | |
| Tags: | dll Gozi sansisc |
Intelligence
File Origin
# of uploads :
2
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Malware
Maliciousness:
Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ursnif
Verdict:
Malicious
Result
Threat name:
Ursnif
Detection:
malicious
Classification:
troj
Score:
56 / 100
Signature
Found malware configuration
Yara detected Ursnif
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.BankerX
Status:
Malicious
First seen:
2021-06-03 18:29:08 UTC
AV detection:
15 of 47 (31.91%)
Threat level:
5/5
Verdict:
malicious
Label(s):
gozi
Similar samples:
+ 310 additional samples on MalwareBazaar
Result
Malware family:
gozi_ifsb
Score:
10/10
Tags:
family:gozi_ifsb botnet:1500 banker trojan
Behaviour
Suspicious use of WriteProcessMemory
Gozi, Gozi IFSB
Malware Config
C2 Extraction:
authd.feronok.com
raw.pablowilliano.at
raw.pablowilliano.at
Unpacked files
SH256 hash:
7e9fe871f29be4fac00862a746fe00fc0456f4484c586393dfc381a809572316
MD5 hash:
2cca10343b67ca026b55e23e7ef54eb3
SHA1 hash:
3d01a7e33459da80fdcfe9983fa561b6654770f1
Detections:
win_isfb_auto
SH256 hash:
77e706f98b1e4fe48a4a1631b27529dc587aeab2d187322439d3b5a726da2f80
MD5 hash:
a185444ff58e6261abff03fa320a6fa6
SHA1 hash:
d5e5510107e6f85a0603f7d5058eff5c0f887c38
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.