MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7764e927904a3047f2e681ff9a7b6e94c230e08bbd3eb489d948131255e94cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7764e927904a3047f2e681ff9a7b6e94c230e08bbd3eb489d948131255e94cb
SHA3-384 hash: 00bf33113531feacf164a0c4e689e0291f3d35f7031dd3075ebf729ae850b8a29ef1813c52e44827218ca6675c22989f
SHA1 hash: b9fe2897b565f33f63dd924ab3c03c33bdd25b14
MD5 hash: 5c2949cd5c50923880bb3467955d05f7
humanhash: oregon-coffee-ohio-nitrogen
File name:SecuriteInfo.com.Heur.Mint.Regotet.1.13897.30495
Download: download sample
Signature Gozi
Create hunting rule
File size:232'845 bytes
First seen:2020-05-29 03:46:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ac352ca741272e8f62ddd67e418f3cf3 (7 x Gozi)
ssdeep 1536:JVS+N3WyTgsvrHb2IcMenJQcwtNvjf6lypSr2o5X+mz2dIxxXIogPwFE4e5o:JVpRltHPxeCZ6Fj+mzqIx9vgG
Threatray 1'098 similar samples on MalwareBazaar
TLSH DF34E9EB18D492B2FDB845B198DA6D053CF37CA48A9389E5890539B37D3C08A1F1C5F9
Reporter SecuriteInfoCom
Tags:Gozi

Code Signing Certificate

Organisation:UTN-USERFirst-Object
Issuer:AddTrust External CA Root
Algorithm:sha1WithRSAEncryption
Valid from:Jun 7 08:09:10 2005 GMT
Valid to:May 30 10:48:38 2020 GMT
Serial number: 421AF2940984191F520A4BC62426A74B
Intelligence: 307 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.Mint.Regotet.1.13897.30495.UNOFFICIAL
Create hunting rule

PUA.Win.File.Regotet-7914506-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Gozi
Create hunting rule
Status:
Malicious
First seen:
2020-05-29 04:35:38 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
08d5f4fe0502c81a416b29b00cc91170da32daaf6d382ae11a713fd0cfa16e12
Gozi
343c73aa5c8e7ce4151d2a02f5c755d2df31e6c2c7d09bfbe87d5b6b98197abe
Gozi
4c070f57d9730f7d60823ad20304924a8bf3a947fe3cbd26a9aef5f7b98907e9
Gozi
4ef0dc8736215db02685aa6e2fa7b916441c0d9fb738cfcbd2453a8527dc83b8
Gozi
75d6fcb75c0b26f417f8843ae4b1d535222bd015f4aa5d2ca130e5acc6d49c3b
Gozi
8526b9d15efa3e793ac4b6f9fb429841f42db283d92c3f64a9f4c3945ccb8b81
Gozi
9381a9accaeb33871ab1b8ca9ad90bc06b5df8cd9fc6931457cd5c8180696e20
Gozi
c3636268f6d8b411a2bea8a72d85229c2082d218f01a161031546a57b52b48b8
Gozi
cd4ea9f0add28de11dee831302cddfa2b0e4b42e3d65c8929e735ece2f94590e
Gozi
fadb93772818614d5396d07dc8932f8273d41d988b4d02e6e46d5e2281d4463b
Gozi
+ 1'088 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
cryptone packer
Link:
https://tria.ge/reports/201109-249bmble6j/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments