MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2
SHA3-384 hash: 20ab11ab0f99c30c9728b95f9d31ad014be537ee1a23be59ac365c7fc902950f12f139225dfdf7a57bb17c2ee12d7397
SHA1 hash: 989a6a64f162b09746a7bf36dfb238d5462aca64
MD5 hash: 900341b737237e8e241d50dbfbf11e0d
humanhash: salami-table-ten-asparagus
File name:SecuriteInfo.com.Generic.mg.900341b737237e8e.6099
Download: download sample
Signature Gozi
Create hunting rule
File size:518'656 bytes
First seen:2020-06-04 00:36:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 03d2bc599c55bd5b2fb46da82b90ff7c (8 x Gozi)
ssdeep 12288:v/4qkMxNyHaVbBvXA2od5Pyig6SnbKcn1Skkps3FsAT:Imw2BvXAd5KMUyAT
Threatray 146 similar samples on MalwareBazaar
TLSH 94B49E6237F80411F2BB4F3848F205119BFEBED5D978C69947C1229909EB290AB7C797
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

SecuriteInfo.com.Generic.mg.900341b737237e8e.6099.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:49:55 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
zloader
Create hunting rule
Similar samples:
16dd0142263b0ecdd025ec808a6bdd74277eee53c1d9d6c603aafe460f9431d1
Gozi
244bd22b299305418f66c5a6239c70bdc5eced7c0464210feaac591301241cd5
Gozi
53334b2b8901c9cfb03dfb61eee7fd5a86a15d3d5bcea947349fb7e9f991e5d6
Gozi
624dc347ad3d5ec7699556183514164d575178edc25fa6cf82d6156fe8924f53
Gozi
8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
Gozi
9aba8d09a3add66da1fb109075cfe60daf120e7513bc11b7a723634c4d14d859
Gozi
9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
Gozi
b35ad69768a7ce3db49edb414b855e06236cc9948616b055bd2503e83c2564e7
Gozi
c819184cbc9744c16063570200bea44d1eb2d7e99967b2e8153bd65634f883a2
Gozi
f0276fc95acef71224471aecf0450febfc4b35e8ee9a98d97ce3cf39c669dd33
Gozi
+ 136 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
family:zloader botnet:bot5 campaign:bot5 botnet persistence trojan
Link:
https://tria.ge/reports/201109-bwx4ne32hj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://militanttra.at/owg.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments