MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb73a2cf01aa499376231e1c5c14dbf0abfae7a2f2036c78bcfbc35b2284a5d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gozi
Vendor detections: 9



SHA256 hash: cb73a2cf01aa499376231e1c5c14dbf0abfae7a2f2036c78bcfbc35b2284a5d5
SHA3-384 hash: 96084236e55a115760e62e305c289cca97c4019d150c8bcd73c57284611832162efaa6927476a01709c379c48160fa02
SHA1 hash: 599b5bc9138bec69ac61a82858d2a2115eeab943
MD5 hash: 937e2c551368757c5e3c3598c41ea7d9
humanhash: one-don-washington-arkansas
File name: SecuriteInfo.com.Mal.EncPk-APW.3323.18304
Signature: Gozi
File size: 120,083 bytes
First seen: 2021-04-05 22:40:36 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 3f728412058b62c418b1091768b74d7b (8 x Gozi)
ssdeep: 1536:tm15JsYYm3GCVS7ZicTJzRVd620ZmB9RMli0msUdqZEACW4jySTLW:eLsacThRVd6pmBPM07vYZEA4/W
Threatray: 207 similar samples on MalwareBazaar
TLSH: 90C3BE0CF7E950C1C5DA3AB750B19E287228EE128DB4243616F62E797FF71A37C29485
Reporter: SecuriteInfoCom
Tags: Gozi isfb Ursnif
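Before doing anything with a sample from this entry, confirm that the bytes on disk are the file the entry describes (all four listed digests, not only SHA256) and that the file is in fact a PE image with the DLL flag set, as the entry's "File type: DLL" claims. The script below is an added example, not code from MalwareBazaar or from the sample's reporter. The only data it takes from the page is the four hash values; the PE parsing stops at the COFF header, and the `build_stub_pe` helper is a constructed, header-only x86 stand-in so the script runs offline (the real sample is not embedded here). Pass a file path to run the same checks on the extracted sample instead.

```python
"""Verify a downloaded sample against its MalwareBazaar entry before analysis.

Added example, not MalwareBazaar's own code. ENTRY_HASHES is copied from the
entry above; every other input is constructed so the script runs offline.
"""
import hashlib
import struct
import sys

# Digests exactly as listed on the entry.
ENTRY_HASHES = {
    "md5": "937e2c551368757c5e3c3598c41ea7d9",
    "sha1": "599b5bc9138bec69ac61a82858d2a2115eeab943",
    "sha256": "cb73a2cf01aa499376231e1c5c14dbf0abfae7a2f2036c78bcfbc35b2284a5d5",
    "sha3_384": "96084236e55a115760e62e305c289cca97c4019d150c8bcd73c57284611832162efaa6927476a01709c379c48160fa02",
}

IMAGE_FILE_DLL = 0x2000            # COFF Characteristics flag for a DLL image
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86, consistent with loaddll32/rundll32 in the sandbox run


def hash_bytes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists for a sample, lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Names of every listed digest that does not match the bytes on disk.

    All listed digests are compared, not just SHA256: if one matches and
    another does not, the entry (or your transcription of it) is inconsistent,
    and pivoting on MD5/SHA1 into older reports would then mislead you.
    """
    actual = hash_bytes(data)
    return sorted(name for name, value in expected.items()
                  if actual[name] != value.lower())


def pe_info(data: bytes):
    """Parse the DOS header and COFF header just far enough to classify the file.

    Returns None if the bytes are not a PE image, otherwise a dict with the
    machine type, section count and whether IMAGE_FILE_DLL is set.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, _ts, _symtab, _nsyms, _opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": machine,
        "sections": nsections,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def build_stub_pe(is_dll: bool) -> bytes:
    """Constructed stand-in: a header-only x86 image, NOT the real sample."""
    # IMAGE_FILE_EXECUTABLE_IMAGE (0x0002) | IMAGE_FILE_32BIT_MACHINE (0x0100)
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)
    dos = bytearray(b"MZ" + b"\0" * 0x3E)             # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def check_sample(data: bytes, expected: dict = ENTRY_HASHES) -> dict:
    """Run both checks; 'ok' is True only if every digest matches and the file is a PE DLL."""
    mismatches = hash_mismatches(data, expected)
    info = pe_info(data)
    ok = not mismatches and info is not None and info["is_dll"]
    return {"ok": ok, "hash_mismatches": mismatches, "pe": info}


if __name__ == "__main__":
    # With a path: check the extracted sample. Without one: run on the stub,
    # whose digests naturally do not match the entry, so 'ok' is False.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stub_pe(True)
    print(check_sample(blob))
```

Run without arguments, the stub is parsed as a 32-bit PE with the DLL flag set but all four digests are reported as mismatched, which is the refusal you want before spending analysis time on the wrong file. The parser deliberately reads nothing past the COFF header: the point is to confirm the file-type claim before handing the file to anything that parses it more deeply.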

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 283
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour: Sending a UDP request

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: troj
Score: 60 / 100
Signatures:
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Behaviour graph (ID 382278, sample SecuriteInfo.com.Mal.EncPk-..., start date 06/04/2021, architecture WINDOWS, score 60); process tree recovered from the graph:
  loaddll32.exe
    cmd.exe
      rundll32.exe
    rundll32.exe

Result
Threat name: Win32.Backdoor.Andromeda
Status: Malicious
First seen: 2021-04-05 22:41:04 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5

Result
Malware family: gozi_ifsb
Score: 10/10
Tags: family:gozi_ifsb banker trojan
Behaviour: Suspicious use of WriteProcessMemory

Result
Gozi, Gozi IFSB

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Gozi
File type: DLL
SHA256: cb73a2cf01aa499376231e1c5c14dbf0abfae7a2f2036c78bcfbc35b2284a5d5 (this sample)

Comments