MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9
SHA3-384 hash: df8d509dd0ec1fe0ed418ed6ddde96e96307a9b12f72678cd304ff4e1e5ca9e800cd4f4629c32fbe5ff51f7352d4db75
SHA1 hash: 5732a16dffde291d8125120477133ee36cfd93e4
MD5 hash: 9ed64dfc08c0f369e5543ef133a22fb2
humanhash: arkansas-stairway-bravo-twenty
File name:619b721d39f71.dll
Download: download sample
Signature Gozi
Create hunting rule
File size:121'856 bytes
First seen:2021-11-22 10:57:37 UTC
Last seen:2021-11-22 14:57:08 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 4c89e39b5ebc619c69b957c6b4f65780 (6 x Gozi)
ssdeep 3072:NJAA7VlRndPmEu0vzFKpdGWJQfUxmLczhP:RAETK3JQMxRhP
Threatray 526 similar samples on MalwareBazaar
TLSH T121C39E50B6C2C471D5FF2A380570A6654B3EBD12DF60ADFB270506AA8F786C09E31D6B
Reporter JAMESWT_WT
Tags:dll enel EnelEnergia Gozi isfb ITA Ursnif

Intelligence

File Origin
# of uploads :
2
# of downloads :
616
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/619b77bd94a88037d2fe2c63/reports/49c6b5d8-9f44-41f3-8331-300530502ebb/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ursnif
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0d60f307-3fde-4fee-90c3-9e48bb14fde7
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/893728
Signature
Potentially malicious time measurement code found
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
gozi
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2021-11-22 10:57:20 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0570fd54d98349e62675cf1e53aa2197ed6c0df811350bfae9f64196b0a49278
Gozi
210943dc00e09514fe7d9a433596e78a21d7eb3bf3537b7e8327b985c8ad7d4d
Gozi
2f4d76314a00fb7a8047fcdd3ee26c39d2a550cde356d35ae517631392a66e8a
Gozi
4ddacac68fd062781fece1e92b3f1682d49fe23fc812e721c330f25237f4c20f
Gozi
a5540f6dd0f7761dd3f7e52f5e1d25332b99d95cccf63401d202406160948750
Gozi
d7e64f8e65ce586ce2f0a857810b2a23f85140bf5e52e5a824f09787fb2bf45e
Gozi
e5cf7cd1382587ee1b71f4efbde4899b2b370db79a868e5fbabe8fdffaa711f0
Gozi
e5ddae0f09c15a7eaebe71a0ccfcb83ccdd629760b612fffaab46d9a4260e662
Gozi
f2dfc3562e150ca045557559269c3c21531bb85292864109fd2ceca4fe0f1ea9
Gozi
fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70
Gozi
+ 516 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211122-m2t5zsacf6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a98563af81949a6f5268994c523cad9c7ef028418e4fc84d446a021382e6e14c
MD5 hash:
cdf3bdc294b699f25b8d6ff8c1a2171e
SHA1 hash:
bd28cb6aa90934cbaf6fd52c68271c4f4fffbb60
Detections:
win_isfb_auto
Create hunting rule
Link:
https://www.unpac.me/results/0ddbc78a-598c-41aa-a7c8-8d96d0232085/
Parent samples :
e5ddae0f09c15a7eaebe71a0ccfcb83ccdd629760b612fffaab46d9a4260e662
b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9
bce328beb9ae78ec279dc17bf701d58cb1cfa12ff570b00c78c0ada6893c80cf
43440e9a6d2d0a68b84f7885fda26748fa86de6ca709a883959e2640f3f706bf
5bbba6d13c8222ef2cc5c4aecf14043f1e74d164ab2a1b3e4b68ee6cb086900c
450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
SH256 hash:
b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9
MD5 hash:
9ed64dfc08c0f369e5543ef133a22fb2
SHA1 hash:
5732a16dffde291d8125120477133ee36cfd93e4
Link:
https://www.unpac.me/results/0ddbc78a-598c-41aa-a7c8-8d96d0232085/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b82a1d06e5650808ae0b9ef1a77cc6047ca0601b13a9afa8cded17a93e27cda9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/208093/

Comments