MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a362a9d9b6ca4c8d3c0056bd5c7aebb1d3d43ce4dbf9bb6a757949188d16ea5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: a362a9d9b6ca4c8d3c0056bd5c7aebb1d3d43ce4dbf9bb6a757949188d16ea5d
SHA3-384 hash: 849b7c338c364cfd6219a38a3176ed74949978196b2035c07c71f599702456314a7f53cc82d4a97679d6aabc62efa8c8
SHA1 hash: 3401265237544acb0351acde657523601cbc0f39
MD5 hash: 34321eeeb4e0d2f380647220a60dee89
humanhash: aspen-papa-connecticut-kilo
File name: cennc189.exe_
Signature: Gozi
File size: 189'440 bytes
First seen: 2020-05-28 14:49:09 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: eb66dbfd8a0b90cd2377c2ed8ec7babc (1 x Gozi)
ssdeep: 3072:16Kl7HMplC/2S3JRFxkAtF+MQnR8PrFWronEPiNVklu/AuWSbO+nf1qq9akcp3WK:1LZHMu/ZkSl2cE6YkxWTbqUnJAS
Threatray: 688 similar samples on MalwareBazaar
TLSH: BD049D3474C1C531F42906389C22E4F8F7B9FD018A646E9732CA1F2FAE765E18D54BA6
Reporter: oppimaniac
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-28 15:02:26 UTC
File Type: PE (Dll)
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:valak Loader
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
