MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d5cb9f2e87752220d05423cb58e57db515b6ce204ca2d9c5d7577f06538dfa4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d5cb9f2e87752220d05423cb58e57db515b6ce204ca2d9c5d7577f06538dfa4
SHA3-384 hash: 267fe76a02c6378967d55d23c7a905fb52f3efe1e3bfb0054d6614d8e3ddfeb11daa083386526521039b972f9586730b
SHA1 hash: a587aeee7867fc8ec8a3074fa40eed3a2f8481d9
MD5 hash: 32a9e7d1b9d2a12c1341cb2f0a42a51a
humanhash: maryland-september-xray-michigan
File name:SecuriteInfo.com.Trojan.Agent.ESBE.17724.8787
Download: download sample
Signature Gozi
Create hunting rule
File size:296'448 bytes
First seen:2020-06-10 07:37:20 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash d6e7e1dd75c34ff115b5d8287b6cc4a5 (11 x Gozi)
ssdeep 6144:QuVEdAxIE3J27lwmgmORLIaqglBbK2sbJYneIWdCNJuTvo+NTf:QkIAGE5ilWmKtn22IJYsmwvpBf
Threatray 696 similar samples on MalwareBazaar
TLSH 0454C0D02680B170E09F493D6130A17683BEBC61AF20CCC6BAC5077B69365E6DD65FA7
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Agent.ESBE.17724.8787.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:39:10 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0249b4de8637866590388542aad230bb9cd8dc888ee0d0bf41aaedae274a615b
Gozi
093f26aaf7be729722ab6cb2702a093c8fb299d719ebbfc5ac9615e249de613d
Gozi
215ec7342accb0d3a77762e6911fdeb44cc919190cbc508432eef467f5b93986
Gozi
26a0ecf3f69b66ef9e7216add981e9432eb8a7a0e95822e5173280eea5536b94
Gozi
4c9358b1b8b94ee6cc0142aef62a24507e44985d61c85b041f3e337021ac4488
Gozi
53082a7ff1e73b4b7430ff0de0f7630584e14af8e956e8defec7c6a7f1884fdb
Gozi
af5c8ec121ec569be6158eb7f9f1f47de4583ef840f7359faa6f5efef5f6d244
Gozi
e12b6f01fcb11b26875c325bc928a86f89c0f184d19917a3a4fc65fa6ec4a588
Gozi
e392d5a3ab3d10f866705a7c8edc5f76f600bda2783f7c8e848cb8d06fbb04d2
Gozi
eff9bf7aff37dcad22467b7908ea61ee5bead965e038e44201ab0f425ae49eb9
Gozi
+ 686 additional samples on MalwareBazaar
Result
Malware family:
valak
Create hunting rule
Score:
  10/10
Tags:
family:valak Loader
Link:
https://tria.ge/reports/201109-8wjrfrhfys/
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments