MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aef8910dddfc1c5c009db13160c82aae5af66692effb41469c6490e774a420e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	aef8910dddfc1c5c009db13160c82aae5af66692effb41469c6490e774a420e3
SHA3-384 hash:	8f0ebfd9fbaa75b761f1b232f5f0fa6f83f438c2faeda91b6b16301eefe3e6d70252a1f18ee43de5c0716992736bb528
SHA1 hash:	982f1df09ffaefff82d26df50ed735a29015863c
MD5 hash:	230bf6f23953675ef0dbfbea32532b0e
humanhash:	papa-delaware-football-nineteen
File name:	app.exe
Download:	download sample
Signature	Gozi Create hunting rule
File size:	249'344 bytes
First seen:	2022-02-04 07:45:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	186e4123ea2794f96f74a222cc19a4a9 (2 x Loki, 1 x Gozi, 1 x AZORult)
ssdeep	3072:C6JDzH4sYvyLi3TCMy3w/4cy5SqLaWPwNzzB/XEGWU6ElJVN9TaTbpe:lpzH5oyLdMy3w/9qviZ/zWVEduI
TLSH	T1DE34BE117680DA72C4D315308824CBBD1B7EF87246A5818B77AA3B7F6E703E057763A6
File icon (PE):
dhash icon	367e7c7d727e6e72 (2 x Gozi, 1 x RedLineStealer, 1 x RaccoonStealer)
Reporter	JAMESWT_WT
Tags:	EFFESISTEMI S.R.L. exe Gozi isfb Ursnif

Intelligence

File Origin

# of uploads :

# of downloads :

403

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

app.exe

Verdict:

No threats detected

Analysis date:

2022-02-04 07:46:01 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/336b16ff-2469-457a-9d68-5ff072795913

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/232857/

Detection(s):

Win.Malware.Generic-9938273-0

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/5912/overview

Behaviour

MalwareBazaar

CPUID_Instruction

SystemUptime

MeasuringTime

EvasionGetTickCount

EvasionQueryPerformanceCounter

CheckCmdLine

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware

Link:

https://www.filescan.io/uploads/61fcea096d25ac9e7904b40a/reports/50b4c072-58f1-4128-b46b-6a08acffb080/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Ursnif

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2caafc30-56d6-4b58-a1fb-051f91eda4a2

Result

Threat name:

Ursnif

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/934355

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-02-04 07:46:11 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v34jcdo57qofyae5weywbsbkvznpmzus575ucru4msioo5feedrq._file

Result

Malware family:

gozi_ifsb

Score:

10/10

Tags:

family:gozi_ifsb botnet:7610 banker trojan

Link:

https://tria.ge/reports/220204-jlzhzsfcd4/

Behaviour

Gozi, Gozi IFSB

Malware Config

C2 Extraction:

maybommpump.top
linkspremium.ru
premiumlists.ru
premiumlinks.top

Unpacked files

SH256 hash:

918498080386d72dccf5f74c4dd2aa3f9369ddeb0378df869b502d512333ae28

MD5 hash:

a9f54ab3ec8dbac130b4cfa729c81d69

SHA1 hash:

96c2f1326cd05c047671f22ff85d2bccfbdf623e

Detections:

win_isfb_auto

Link:

https://www.unpac.me/results/d9f25427-a325-41af-93e8-3300d05f2dfb/

SH256 hash:

4f41083286d9dbd519949e22b008fa56af20187a3e97873ee8eb7f65154f8ff0

MD5 hash:

8dccf99ee7163e11d91b8d4a2002ac10

SHA1 hash:

37825d9d306f774d353d1d87b802dac92fd6d330

Detections:

win_isfb_auto

Link:

https://www.unpac.me/results/d9f25427-a325-41af-93e8-3300d05f2dfb/

SH256 hash:

aef8910dddfc1c5c009db13160c82aae5af66692effb41469c6490e774a420e3

MD5 hash:

230bf6f23953675ef0dbfbea32532b0e

SHA1 hash:

982f1df09ffaefff82d26df50ed735a29015863c

Link:

https://www.unpac.me/results/d9f25427-a325-41af-93e8-3300d05f2dfb/

Malware family:

Ursnif.Dreambot.D

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/aef8910dddfc/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/aef8910dddfc1c5c009db13160c82aae5af66692effb41469c6490e774a420e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

exe aef8910dddfc1c5c009db13160c82aae5af66692effb41469c6490e774a420e3

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2028148/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/232857/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample