MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d92edeb61ad7636386c2b3f47a4bb95ca27489b4806a7088bf3c012b7619a5b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d92edeb61ad7636386c2b3f47a4bb95ca27489b4806a7088bf3c012b7619a5b1
SHA3-384 hash: 70accf9512cd2cc16a4ea7bfec1a86d38340910755c7f5732164934d974673cb1c01821483ea4b8da61e5d91091de5b9
SHA1 hash: f6b0b5bf6636c3ca7a1916cebefd73544f28cccc
MD5 hash: c1282cc44400b25bca2d63ec48ecf513
humanhash: gee-sweet-wolfram-spring
File name:2020-03-27-IcedID-EXE-persistent-on-infected-host.bin
Download: download sample
Signature Gozi
Create hunting rule
File size:1'622'016 bytes
First seen:2020-03-29 15:52:48 UTC
Last seen:2020-03-29 16:35:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9c2089ab9e34ee42300f2278c443333e (1 x Gozi)
ssdeep 24576:YQ96dOVzcsRo5mX6gDaJiOAVKYxncn1LWW5iIW:YrvSFPfqJzV
Threatray 5 similar samples on MalwareBazaar
TLSH 91758334B524C43EFCEE11BE9BAAD82DD96CBC616B0989C3D5805C864E38EE43D719D1
Reporter SankyYeram
Tags:exe Gozi

Intelligence

File Origin
# of uploads :
2
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.42898550.7410.527.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 23:03:00 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3exn5nq225rwhbwcwp2hus5zlsrhjcnuqbvhbcf7hqasw5qzuwyq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
13dd79b77c2ed2ba77d509e2d3b4621e83f7105674353f7e30930e07b099bce5
Gozi
33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
Gozi
56af437f8b3b60b32b7cba77fa159138a777a48e98ce0215e8ec6f97ef12b223
Gozi
e0cea593cef95fc3438ec707ef6d293c3189c3a3144a389f790cccfaec770759
Gozi
f937bbe27c6d52452a121bc9aa320c26ae7eada7cadc9dda0fafc2c6b1bd5818
Gozi
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Gozi

Executable exe d92edeb61ad7636386c2b3f47a4bb95ca27489b4806a7088bf3c012b7619a5b1

(this sample)

  
Link
https://www.malware-traffic-analysis.net/2020/03/27/index.html
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::RevertToSelf
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CoCreateInstance
ole32.dll::CreateStreamOnHGlobal
MULTIMEDIA_APICan Play MultimediaGDI32.dll::StretchDIBits
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetFileSecurityW
ADVAPI32.dll::SetFileSecurityW
SHELL_APIManipulates System ShellSHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::OpenThreadToken
ADVAPI32.dll::SetThreadToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetVolumeInformationW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleA
KERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleOutputCP
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileMappingA
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyW
ADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegOpenKeyW
ADVAPI32.dll::RegQueryValueW
ADVAPI32.dll::RegQueryValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::CreateMenu
USER32.dll::FindWindowW
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::GetOpenClipboardWindow

Comments