MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccf1e6416673f50f016cfa1658e9dd29793195b9bc701fedc1218d122faeb6b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 4



SHA256 hash: ccf1e6416673f50f016cfa1658e9dd29793195b9bc701fedc1218d122faeb6b2
SHA3-384 hash: 659212d1b9fb06a3340b755778211cbb6ac294925f814b0b1376faa809065fcad355b8022486260a6fe23f0dc869c2de
SHA1 hash: 5dfc4bfa864e502ba0f4ac4db9c2a506ead11627
MD5 hash: 508d23fb6e75776e4944233034547ce8
humanhash: lake-shade-harry-wyoming
File name: SecuriteInfo.com.Generic.mg.508d23fb6e75776e.15437
Signature: Gozi
File size: 737'280 bytes
First seen: 2020-05-15 18:33:35 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 0cbf30fa012cb4d929dbc29ee60b0a22 (1 x Gozi)
ssdeep: 12288:GIJhp3FbwI1R1vScyOIkskZ76iV+5x/2AXJx1QuOOPe7sd8zohGPDFuSrETM7UFO:5pVwc/pmzxX31iOPeA2z6GPcSrETM7U
Threatray: 472 similar samples on MalwareBazaar
TLSH: B1F45A34BA80E030D52D5976DC89D1FF16227C05DF6056A7BBC43F8F3673AAB8425A86
Reporter: SecuriteInfoCom
Tags: Gozi

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Cridex
Status: Malicious
First seen: 2020-05-15 14:30:48 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 19 of 31 (61.29%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: family:zloader botnet:miguel campaign:15/05 botnet trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Zloader, Terdot, DELoader, ZeusSphinx
Malware Config
C2 Extraction:
https://luxiyouyue.club/wp-parser.php
https://aapasifik.com/wp-parser.php
http://zylstudio.com/wp-parser.php
https://caodangyduochanoi1.edu.vn/wp-parser.php
https://butterfly-crm.solusaas.com/wp-parser.php
http://karkas24.site/wp-parser.php

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Gozi
File type: DLL
SHA256: ccf1e6416673f50f016cfa1658e9dd29793195b9bc701fedc1218d122faeb6b2 (this sample)

Comments