MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b27bf3cd5e015b0767ed241d8158c85ff06a6d19ade85f094c1a765d2da0341b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 6



SHA256 hash: b27bf3cd5e015b0767ed241d8158c85ff06a6d19ade85f094c1a765d2da0341b
SHA3-384 hash: 80a6edbeca1c030edcad37dee0c1163dcfb6fff2d4e9677888dca788cbc31e1e3533b07e129bc60471d98fc6912b786e
SHA1 hash: 4e1a20f30da4d5afa72c18330d337eda7ce1eef4
MD5 hash: adf1dbc1537a093652c4ad1fe3a179fd
humanhash: white-yellow-yellow-three
File name: SecuriteInfo.com.Variant.Graftor.770268.933.26758
Signature: Gozi
File size: 229'888 bytes
First seen: 2020-07-21 02:00:19 UTC
Last seen: Never
File type: dll
MIME type: application/x-dosexec
imphash: 87fc93cb54b57f245d75a270795c77aa (114 x Gozi, 1 x TrickBot)
ssdeep: 3072:U6VYA6I0oElwS9ciW+eM+ppv2LHFsp6+7bUSrtB0J3B1rq46vqDyPIKpPLq/M:UWxXElK+Spv2ywSlt6JR1YSDuImq/M
Threatray: 785 similar samples on MalwareBazaar
TLSH: 4A248D0075848039E9BF02364A7ED668467CBD218BA1D9EBB7C84E4F5B390D27B31767
Reporter: SecuriteInfoCom
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a system process
Result
Threat name:
Detection: malicious
Classification: troj
Score: 56 / 100
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-21 02:02:07 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

DLL dll b27bf3cd5e015b0767ed241d8158c85ff06a6d19ade85f094c1a765d2da0341b

(this sample)

  
Delivery method: Distributed via web download
