MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79eee9a954d075828f5103a0ef186d607d7c2cd24187b8af501d91d1e28bf179. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 79eee9a954d075828f5103a0ef186d607d7c2cd24187b8af501d91d1e28bf179
SHA3-384 hash: 414aa8ea5700e29dbce346626dfaae4593044883cfa8221b50a5919927fc0b954c69d3f484252142ebd69f2a560c5414
SHA1 hash: 155029781f73d17d75f3800c1191c8e6a4bf64c2
MD5 hash: 6608cad38fbf665226d8cf9e57578594
humanhash: one-may-cup-vermont
File name:SecuriteInfo.com.Variant.Graftor.770268.26921.14856
Download: download sample
Signature Gozi
Create hunting rule
File size:229'888 bytes
First seen:2020-07-21 00:46:11 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 87fc93cb54b57f245d75a270795c77aa (114 x Gozi, 1 x TrickBot)
ssdeep 3072:U6VYA6I0oElwS9ciW+eM+ppv2LHFAp6+7bUSrtB0J3B1rq46vqDyPIKpPLq/M:UWxXElK+Spv2uwSlt6JR1YSDuImq/M
Threatray 785 similar samples on MalwareBazaar
TLSH 74248D0075848039E9BF02364A7ED668467CBD218BA1D9EBB7C84E4F5B390D27B31767
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/29452/
Detection(s):
SecuriteInfo.com.Variant.Graftor.770268.26921.14856.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/392139
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/79eee9a954d075828f5103a0ef186d607d7c2cd24187b8af501d91d1e28bf179/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 00:48:07 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
gozi
Create hunting rule
Similar samples:
23b3a2baa530530acde54186c3d9f2ed3be74a9465a6417b2d266f18bdb9e070
Gozi
3d321c9e2f63ea70c5701e85f766980a9e978e802907d1a4d8f0aee2ceb9e709
Gozi
3dc82a244461087be6a1a675c8afbe868fbe6ab8c5d9261f177cd0322b727ac9
Gozi
50c534de93fde3f578fc4b0a090a97673ff6c44e8ceb344c1b706a1bf523bb8e
Gozi
517801ae25fbba7eecba22323f0375712d0ffe00178a12c983cff0cf28365d73
Gozi
61b4fc40c6bb3a1902d799dfbc89b2c4c1aa0b7b06998a966ff57cf11a1ea138
Gozi
86c4a0358f3fd1bf879f3cb043fe032cb24e86fe5f099183a15ab8776e88ee7e
Gozi
9ca52c7b92eb37c87f7e8519fb9e369643b0d21b313dc7efae65099889a4e962
Gozi
be4645b3f41904727a3c03d7374aabe7cc4573385579e34bb0c97358b7252083
Gozi
d5072960f70861334eee19eeb9b0372ee9357cc4dc2665438a3b8913b8e44f57
Gozi
+ 775 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200721-mnpzc1t8y2/
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/79eee9a954d075828f5103a0ef186d607d7c2cd24187b8af501d91d1e28bf179

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/29452/

Comments