MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8421811ca6b95b3a4f3610184af94f4295a57cc7aaca20062dd42acd76186733. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8421811ca6b95b3a4f3610184af94f4295a57cc7aaca20062dd42acd76186733
SHA3-384 hash: 4f2df4d9a4b0d232df2a867ccc93fe8f3f67923b2c943395020cda05d79c2da4efb115d39a70812ba8c83a3e1bfee01a
SHA1 hash: 11da5dbfdf7702fb6988f3d365760779f32fe45e
MD5 hash: 192d7e89f65ac9d39508e24271e67780
humanhash: fish-south-sodium-ceiling
File name:83511024.dat
Download: download sample
Signature Gozi
Create hunting rule
File size:273'408 bytes
First seen:2020-06-26 08:10:32 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 387759d61d210ffbd079fce3e884be24 (8 x Gozi)
ssdeep 6144:j1IzQHamytE+04hwz4S6Bf9uY+dh+dPvuTVZP+y8:3EP0rz4V1YBKmmy
Threatray 853 similar samples on MalwareBazaar
TLSH B9449D207A97503DF36F9A3D4856C2628D6EBD4296F0BCEB39C10D8F49171D38B60B5A
Reporter JAMESWT_WT
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14754/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Delayed writing of the file
Creating a process from a recently created file
Using the Windows Management Instrumentation requests
Launching a service
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8421811ca6b95b3a4f3610184af94f4295a57cc7aaca20062dd42acd76186733/
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-25 23:26:37 UTC
File Type:
PE (Dll)
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1bd323c57344a8b38ac22ceec92707ba3b6a30d29b66fc32e163649ea7de8a0f
Gozi
3c7c8fbdd41335948ff0b7e67b905c242865a59c55a4809bf6a5fe4beeee83d9
Gozi
481659d344a246a19eb516b01ea71e074e893f6ab4ba9de11c24fba15a8ec9fc
Gozi
59b5aaa1b9d1225610007636ef70dec8f0f1889661d12690d02494718f7df54b
Gozi
659812b78542044d9ebb46743ecda037762a71a49f05322d5fa9bd8b3337d0d4
Gozi
73872d1c97da41772d51fec33613cc1de32b27b43ec5135d1a1c357de5fb9d77
Gozi
8ce9c42220de87bf0dedab305d7874d286726ac18bae834c80e0d6eba8438df7
Gozi
a6c6ab892399b0496ffcd15d3af8dc8840818439367b990f60f51c95c8e56305
Gozi
be14ed801453c78d6c80992705cfe0e7eb03f808d2b28704ffa2925cdc46fdc9
Gozi
fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c
Gozi
+ 843 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200626-b6tcz535k2/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.malware-traffic-analysis.net/2020/06/24/index.html
Cape
Cape
https://www.capesandbox.com/analysis/14754/

Comments