MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb046873b3f030de0d766f937da4c80774804c4f14ffbaa087e710ebfbcd22f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb046873b3f030de0d766f937da4c80774804c4f14ffbaa087e710ebfbcd22f7
SHA3-384 hash: 66827a89590263d9fb1b08c25738c375fb44d7e8032bc010c0aa59b2ca0fdd4236c2a168ea393e96bc6a7bc30127848a
SHA1 hash: 0a41bf0eba70f5053bdadeec9622afa39442ad31
MD5 hash: 04db991efbf71e08af29ded77ae9e1f3
humanhash: lima-monkey-apart-leopard
File name:zug11.bin
Download: download sample
Signature Gozi
Create hunting rule
File size:281'088 bytes
First seen:2020-07-21 21:15:37 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 26161595a9732d17601e4bdfceb9432b (2 x Gozi)
ssdeep 6144:BZ5BSrk7m4TO4uOeS+xJYAOKL4h/Jd9Yv6JBdeCBI:BZad4K4usaYR9tFeCBI
Threatray 798 similar samples on MalwareBazaar
TLSH 6B549E403A82C4BAD5BE19345938D6A6067DBC200F70DDFBABD45E2B4E391C19631E77
Reporter malware_traffic
Tags:dll Gozi IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30459/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Connection attempt
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb046873b3f030de0d766f937da4c80774804c4f14ffbaa087e710ebfbcd22f7/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 21:17:04 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
gozi
Create hunting rule
Similar samples:
0aa2727753d68654ada04a86531c216b15754fe0fabb38bf5db9c9bd4d8933a8
Gozi
10cc78e17139d3cc2ec90c88806f85d3a660bf445eda3814650200448df846d7
Gozi
33a254d82ed46fb2c38d0ae52dbefb012fb3b9e61e7cd8ebb5f0163e4a635a3e
Gozi
33d4b93f27fa6d5f68443a35b0640269b3f6a1cfd8e0015361e462bc369b0133
Gozi
54a1ff16fd63ead406eec7b18303d4998ff43c078dc8c4257d6ba593a3e3b24d
Gozi
60adb0a8bb01a52de96c31213433954834f2ca43b677ec67737ad12e633a5c18
Gozi
948989af594ba4896284c729cc9a0b6d110d7d7a1960e00084a35076cf4a2fe7
Gozi
a81aa093f5b1278af943f7b47498e2b3847394187e19a66b3bd5e6a302dc9e38
Gozi
e5f1b3c69e967ec1531a0fb923599009fd86a9667110079be0b8cf50360f4e8c
Gozi
ecfe29ac7905d40cd43e79c1ade25e12c3d01827a49f4a6a7abbea2b65eae839
Gozi
+ 788 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200721-mbtd15hvxe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cb046873b3f030de0d766f937da4c80774804c4f14ffbaa087e710ebfbcd22f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/30459/

Comments