MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aab0b414bdfcf3c37d9d87228abdc243d529c0851d918bd2cceddce392536dfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aab0b414bdfcf3c37d9d87228abdc243d529c0851d918bd2cceddce392536dfd
SHA3-384 hash: 46feb89b093abdc6938e143ee90ca9c5da38b4593b917d266c9719ecfc9e3f32cff282a8889eb3054f8580a798b2e31f
SHA1 hash: 1455d824a1017249728e71de9110ab8e5699744d
MD5 hash: d4584725f3757b0ba4be2cc8bc2895d4
humanhash: snake-whiskey-juliet-freddie
File name:bespokemerchandises.com_wrong__291B7Ai1.exe.malw
Download: download sample
Signature Gozi
Create hunting rule
File size:334'805 bytes
First seen:2020-05-21 16:24:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8c95a8437da5797cf192c4cf27b186f (327 x Gozi)
ssdeep 3072:leYLrN2UApXRBZaKBEd/UslN0r//a0tziOOdltWdnDhNun:4Y9peR+KBjziOOPtWdnDvO
Threatray 552 similar samples on MalwareBazaar
TLSH 3B647691A953DF7DD09C25B2E5ED0B0610A2F4284F078B976E180D703FA3EA2E69535F
Reporter ov3rflow1
Tags:malw

Code Signing Certificate

Organisation:UTN-USERFirst-Object
Issuer:AddTrust External CA Root
Algorithm:sha1WithRSAEncryption
Valid from:Jun 7 08:09:10 2005 GMT
Valid to:May 30 10:48:38 2020 GMT
Serial number: 421AF2940984191F520A4BC62426A74B
Intelligence: 307 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.Mint.Regotet.1.10770.13032.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 22:25:05 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
36951cd0c31ff059ad5b16f88854d188625558db72faa5c2ded56cb0182fbe8c
Gozi
58d645eae34d49224d5b68cdc4d665a23383b34484be2ea3c946014f76770561
Gozi
7a5dd778d0d8c7954597b46bd17d7fb07d56c91ce964055e1f8067b07d81199b
Gozi
a987ed8a2e2d89a9c6b215d413c87d1cb41ebf94f55f6f593309e5bfe8b92955
Gozi
b0659b81acc06d97ee35639da34c0b4ead7f1efecd90415b18f410a1e293d2a0
Gozi
bfbc83cad5a405f0de1f2643be60c413f10dfc75baf3e8421313a9aa87953c1b
Gozi
c03f0ab451000aa4799772f609653d690d60ca68adbcb9b3c1f3eed26d075ff4
Gozi
e39198b8b2f68cb68a3783d327c8b902ac13bff1a92aafbc9912b2abc4cd9a2a
Gozi
ebdcdba4dbdec996e4f55aff9ec3086023f604b572cf50e15a909ac5a995951d
Gozi
fe56af0d9d3844ff2787e20865bda1d945d765b3b38c35d74c8045cc3ef59908
Gozi
+ 542 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-2mxsp2nq1x/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/365980/

Comments