MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6c6ab892399b0496ffcd15d3af8dc8840818439367b990f60f51c95c8e56305. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: a6c6ab892399b0496ffcd15d3af8dc8840818439367b990f60f51c95c8e56305
SHA3-384 hash: fc1c84a114860664129281fa2a00c08652a8fda01e695aded001dee571d9853c7e5a443a1f5f314c37519a0e02ca8ac4
SHA1 hash: d6f4260a55bbdd62627a562ff599a9e842c1c62f
MD5 hash: 8147c86a51001c09e34e8c3517e2bac4
humanhash: alabama-michigan-oregon-grey
File name: haao1.cab.exe_
Signature: Gozi
File size: 184'832 bytes
First seen: 2020-05-29 09:14:03 UTC
Last seen: 2020-05-29 09:57:00 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 0db88b241a104cf2d60e7705133f5ce1 (2 x Gozi)
ssdeep: 3072:ccte/H9qPc25JZymHhbeLcMpt+zdnR8PT2fnLOJvyiUoJhffGpLWJEfgNsXkWEiA:JQ9qPZRyvLxEcgbiznfBWfg2kW+8sB
Threatray: 869 similar samples on MalwareBazaar
TLSH: 4A048D7471C1C132E42D16385C21D4E8B7BEFD008A646D9772C91F2F6E3B9D18DA8BA6
Reporter: oppimaniac
Tags: Gozi

Intelligence


File Origin
# of uploads: 2
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-29 09:36:07 UTC
File Type: PE (Dll)
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:valak Loader
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments