MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0659b81acc06d97ee35639da34c0b4ead7f1efecd90415b18f410a1e293d2a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 2



SHA256 hash: b0659b81acc06d97ee35639da34c0b4ead7f1efecd90415b18f410a1e293d2a0
SHA3-384 hash: ab20d6a5a09246fbe87217448f08205bde25afff07484e287634dce49544ff536421a7ad0519ab35640a68e6ea6e4892
SHA1 hash: c6143cd673b8eab240daf53d5ccba453d38a1e69
MD5 hash: 353b8c7047d770740cdf63a3359777b5
humanhash: happy-mobile-lake-hot
File name: bespokemerchandises.com_wrong__3B7Ai1.exe.malw
Signature: Gozi
File size: 334'737 bytes
First seen: 2020-05-21 13:33:44 UTC
Last seen: 2020-05-21 16:37:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: c8c95a8437da5797cf192c4cf27b186f (327 x Gozi)
ssdeep: 3072:leYLrN2UApXRBZaKBEd/UslN0r//a0tziOOdltWdnDhNu:4Y9peR+KBjziOOPtWdnDv
Threatray: 552 similar samples on MalwareBazaar
TLSH: F9647591A953DF7DD09C25B6E5ED0B0610A2F4284F078B976E180D703FA3EA2E69435F
Reporter: ov3rflow1
Tags: malw

Intelligence


File Origin
# of uploads: 2
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ursnif
Status: Malicious
First seen: 2020-05-21 12:49:54 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
