MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbee5d1620372d0ef2f195f3f629c3cec392384f8a7a0409b255e73d06761cb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 5

SHA256 hash: bbee5d1620372d0ef2f195f3f629c3cec392384f8a7a0409b255e73d06761cb2
SHA3-384 hash: 780ab21a2dafeccdd890ed4abee606463d57efca0371fd4ec039afe07bd440d3624335374477dcc6cf240b18e6cbf867
SHA1 hash: bd1999b9fb1525d2131c0319ef99e90baa2af0fc
MD5 hash: 25e8fe0b728e8037ac0a016b3032116d
humanhash: colorado-quiet-tennessee-twenty
File name: 2020-07-20-IcedID-installer-DLL-example-15.bin
Signature: Gozi
File size: 223'744 bytes
First seen: 2020-07-22 07:00:58 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 885500593e9e09d46973fece70fbf7c6 (8 x Gozi)
ssdeep: 3072:ZO4ZE83ewUOdlOrfZcEgAjjT+oY7UQoGMAZjne31P7H3AGGWQJBa3U:Zw8uSbOTgADOgGMAls7QXBa3
Threatray: 720 similar samples on MalwareBazaar
TLSH: E7249C007A84D039E9BF0237897AE618067CBD214BA5D9CBBBC84E8E5B355C17B31767
Reporter: JAMESWT_WT
Tags: Gozi, IcedID

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100

Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-20 23:05:08 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Comments