MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebea18a2f0840080d033fb9eb3c54a91eb73f0138893e6c29eb7882bf74c1c30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gozi

Vendor detections: 6
SHA256 hash: ebea18a2f0840080d033fb9eb3c54a91eb73f0138893e6c29eb7882bf74c1c30
SHA3-384 hash: 2b5d535a20b0670ee08f0ac61d77c016a83d9ff129551fa1f6ba72647a4cdc76e10e82fb44be0c0515bae4184bb80fb5
SHA1 hash: a164bbba7ba8c1c6c059e138773f0de7767c6e52
MD5 hash: 92f7179a6449650efb95db473c1a387f
humanhash: freddie-comet-fillet-butter
File name: shellcode1.bin
Signature: Gozi
File size: 66'050 bytes
First seen: 2023-03-19 05:46:54 UTC
Last seen: Never
File type: unknown
MIME type: application/octet-stream
ssdeep: 1536:wRXhwRYQPo9MvJN3Ed56Cnuch/zWOj9HkzWvoCt:uhIM9MvJN3tCnuCzWwEKzt
TLSH: T14B53E1B58C434668E1B12836E90F9014072A72E142D9A82B5B5BF7E35178FE5FB71932
Reporter: 0xToxin
Tags: 7709, Gozi, Shellcode

Intelligence

File Origin
# of uploads: 1
# of downloads: 100
Origin country: IL

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Backdoor.Andromeda
Status: Malicious
First seen: 2023-03-19 05:47:06 UTC
File Type: Binary
AV detection: 8 of 39 (20.51%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: malware_shellcode_hash
Author: JPCERT/CC Incident Response Group
Description: detect shellcode api hash value

Rule name: meth_get_eip
Author: Willi Ballenthin

Rule name: Windows_Trojan_RedLineStealer_ed346e4c
Author: Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments