MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0d9f78957650a0bc42b0bf646e3d158f713de64ee5e6ab395cf777e93a7a240. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0d9f78957650a0bc42b0bf646e3d158f713de64ee5e6ab395cf777e93a7a240
SHA3-384 hash: 09dca849c4c72364abf516d71592e07976fd2b997450d66e50ca40cebe758b9894450f45c7c17b4db945dabc54aca9e9
SHA1 hash: fba93463d76c3d35f79748499d037841b6461039
MD5 hash: b2da4d5636af2f5d81aab415a1ba80f8
humanhash: ceiling-emma-earth-maryland
File name:SecuriteInfo.com.PSW.Generic13.AOJE.28669.2178
Download: download sample
Signature Gozi
Create hunting rule
File size:770'560 bytes
First seen:2020-06-19 14:43:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash caf8d099efb0da18bf38e481a06237cc (1 x Gozi)
ssdeep 12288:c8X24WtNb91CsnUdgZdN+of7qiTVdekavUMvy+kO+wlGh0GubE9CzxMrRLFmGUtR:c8XTWtNb3TUdgvN+ozquEkavPmOflGrY
Threatray 20 similar samples on MalwareBazaar
TLSH E5F4E152F6D1CC3AF56B993C8D368111C66EACA50BF296C3B7E43A76513B0825E38713
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9581/
Detection(s):
SecuriteInfo.com.PSW.Generic13.AOJE.28669.2178.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2017-10-12 13:58:47 UTC
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0fefdfbc442c4667670b1b9001f1b586dbf7d7eeb13bcaf21af53984d5ad14a6
Gozi
2a80deaa083bb554ccc57c0ffd467b4fd1a6e2f1ae6ab1a3de140aab849b19bf
Gozi
361fb6895164e8e130e6fc3f6dc984af355294173c5e385d0ac35d6df61aea60
Gozi
73a0eff4b25b824af4b6600db0f637f991b45b0945c9385fd6e7eca289b7e5ed
Gozi
823d3e4a009254382cf9401cffddeb21e5be60ab5bb283ad325734c8c14cd695
Gozi
acdbf9fccd6e9fef6459322fb9ea0b1767815413a9a9d91407b87c7834ae77a0
Gozi
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
Gozi
ccaedac7e0d5d4a655d37d59fb12bfb920785e9c8d0b811dc6ab88d3e1ca6ea0
Gozi
e5420c67e6613cf86f490123904ea3ae05187932f3282b8fa25d94959b0a5bc2
Gozi
f86974cc3a2a1d06dcc4effe66d6e27380dd4e4e4fe254a1b88a3ea3c7e681c4
Gozi
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-xy4447jn4n/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ursnif
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect Ursnif(a.k.a. Dreambot, Gozi, ISFB) in memory
Reference:internal research
Rule name:win_dreambot_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_isfb_a4
Create hunting rule
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_isfb_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9581/

Comments