MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221
SHA3-384 hash: 5e80d442cbc192375ae81ec51a8498a7808929d64d27a8ed3707d69e20c645bf35efcce2701f835331244446c80bc417
SHA1 hash: 2b5813652bbbd68e9eb7bbd1235d952d9b127ba8
MD5 hash: fead400b99c449fec88e22453aacef6a
humanhash: oxygen-carolina-don-diet
File name:fead400b99c449fec88e22453aacef6a.exe
Download: download sample
Signature Gozi
Create hunting rule
File size:2'108'928 bytes
First seen:2021-11-18 19:47:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b9005a59919df3b1340483e40896aaf6 (1 x Gozi)
ssdeep 24576:qA864/5Nhq4nm2/u0I8tquax5IoFlGP/TRRr6Si210iOBauD5HgpAFqb1chW5M7:qDLwObI8s2C3GI7
Threatray 3 similar samples on MalwareBazaar
TLSH T154A5E00367EABCE6D075023067B78BD1872DED108694C99F66C454708AFD6837E2AFD2
File icon (PE):PE icon
dhash icon f0968ee8aae8e8b2 (9 x Urelas, 5 x HermeticWiper, 4 x Starcat)
Reporter abuse_ch
Tags:exe Gozi

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fead400b99c449fec88e22453aacef6a.exe
Verdict:
Suspicious activity
Analysis date:
2021-11-18 19:56:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bd49b095-1147-4d03-8cf1-fc1b385f06d6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/6196adf543e8f62b66993525/reports/88b29544-bf8b-4a50-a154-f06fb61e59b9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c801b3fd-c635-44f4-a1d2-95c324bd5312
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/892259
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221/
Threat name:
Win32.Trojan.KryptikAGen
Create hunting rule
Status:
Malicious
First seen:
2021-11-18 19:48:06 UTC
AV detection:
18 of 27 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
2c1cfaeb1cb2168477f7e90e671a7ba182cb95b4845c0cf4c44f5809edcd5cc2
Gozi
be39a79adbc892815b56c1734f0af24ec909a58616a248b06e34de82de92a976
Gozi
cc87729bab09fd3d13ceb36c1ea3ed112e7c1713a640ac4533c6f60f1a9640ba
Gozi
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211118-yh4qvsfdbq/
Unpacked files
SH256 hash:
f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221
MD5 hash:
fead400b99c449fec88e22453aacef6a
SHA1 hash:
2b5813652bbbd68e9eb7bbd1235d952d9b127ba8
Link:
https://www.unpac.me/results/e0e519ab-10ae-4b26-ab27-cbf08e945ee8/
Malware family:
Ursnif
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/f1fb6f448257/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

Executable exe f1fb6f4482571a4429e7ef7c75595303ac6c8367023d725dd3021db1015c3221

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1796543/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/207380/

Comments