MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8093c755d566699bd222c13ff5b01e952e31a1a2da2f37919550b1c3bd99833. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gozi


Vendor detections: 4



SHA256 hash: c8093c755d566699bd222c13ff5b01e952e31a1a2da2f37919550b1c3bd99833
SHA3-384 hash: 720a0905e88c9e97a5b49b5fad5751f4351416ef8789ba8786134a16b6040441ca36b6e55c07a0d00959ab7a64010706
SHA1 hash: 737c21990393d29e3eb068eadf924886771ed2a2
MD5 hash: 90ce70f19c5a5a35fa82641578ae53cc
humanhash: london-vermont-purple-batman
File name: SecuriteInfo.com.Trojan.Agent.ERAA.20169.30190
Signature: Gozi
File size: 3'456'512 bytes
First seen: 2020-05-18 11:49:57 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: 71dd4a947e37a266cc9ba4fdb9572085 (1 x Gozi)
ssdeep: 98304:9aJauZYyUP5k1QjJosXOMclEvaWI9NpLlx:92auULTpnah97hx
Threatray: 719 similar samples on MalwareBazaar
TLSH: 32F54B60339CE225E5A50B304C62E4E944A57F4DDF22995FB0EA3F0FE1B66844D6CB4B
Reporter: SecuriteInfoCom
Tags: Gozi

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Danabot
Status: Malicious
First seen: 2020-05-18 12:35:50 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Result
Malware family: danabot
Score: 10/10
Tags: family:danabot banker trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Blacklisted process makes network request
Danabot
Malware Config
C2 Extraction:
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
