MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259
SHA3-384 hash: b8646f5c09365ab6d4fbc81defbd1971483a2772a8cb6382a047885b5eb9deae4ae312aee6094481a6747f2534137a68
SHA1 hash: 31dde0d734b8f5235b7c80968f38c95b888b371a
MD5 hash: 9bdb3d62b8237b27399d7d15e2ef17b2
humanhash: dakota-friend-tango-fanta
File name:9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259
Download: download sample
Signature Gozi
Create hunting rule
File size:232'168 bytes
First seen:2020-11-10 11:05:01 UTC
Last seen:2024-07-24 19:30:14 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash baa634aefeafb4b29cdeb172fe1f2671 (11 x Gozi)
ssdeep 6144:AVvBnwXIlBkeHfA3Z0l6QizoJ3W04iJro5k:AJCYlBkeHfc0KzB04CN
Threatray 4 similar samples on MalwareBazaar
TLSH 4D346B203981C032E9720530A4FCBB66556A7FB50B7194EBB7B4BE5CBE292D24534F27
Reporter seifreed
Tags:Gozi

Intelligence

File Origin
# of uploads :
2
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Trojan.Generic-6629274-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a window
DNS request
Sending an HTTP GET request
Sending an HTTP POST request
Creating a process from a recently created file
Creating a file
Moving a recently created file
Moving a file to the Windows subdirectory
Sending a custom TCP request
Deleting a recently created file
Replacing files
Sending a UDP request
Launching a service
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259/
Threat name:
Win32.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 11:06:49 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tjpakd5wi4fbux5l7fr44yfcgi32b32vhqmiov3qzvfnuqofwjmq._file
Verdict:
unknown
Similar samples:
4547f1174d1400e41a8072651b4a71c3b8a672f491163e9f09175c7838153200
Gozi
55897dc537d308842906dbf8bffde6eb846cdd6b5e9584d7efcbe7c342d5e699
Gozi
7d3beeb2ab6a13038bce7d962a19a4d004a4526934823e23b8f1c5f68ed1800e
Gozi
c6a810bf84ea3fd17a282d2a10bec7811c79ff751d5dbcf9eb84cff95f1fd5ba
Gozi
Result
Malware family:
n/a
Score:
  10/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/201110-bb37c9mvhn/
Behaviour
Checks processor information in registry
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies service
Checks for any installed AV software in registry
JavaScript code in executable
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Executes dropped EXE
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
9a5e050fb6470a1a5fabf963ce60a23237a0ef553c18875770cd4ada41c5b259
MD5 hash:
9bdb3d62b8237b27399d7d15e2ef17b2
SHA1 hash:
31dde0d734b8f5235b7c80968f38c95b888b371a
Link:
https://www.unpac.me/results/8103d46d-4a79-4dfa-9685-12f1d264cb24/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments