MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d
SHA3-384 hash: ca01eb7b9cba94fb95a64b384881a11115737b7ed7ce7aa36d3dcda9b3c27cad01441f66e6a465c5a213fd2196a6f3fe
SHA1 hash: 4296742cad27bdbed286f1df84c0f162ba216237
MD5 hash: 349b17e618164143782e1d8d506e21aa
humanhash: spring-coffee-comet-mirror
File name:61238d0f9a956.dll
Download: download sample
Signature Gozi
Create hunting rule
File size:557'056 bytes
First seen:2021-08-23 11:57:46 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 12994b2554048ef1e6f7b4dd1e874109 (3 x Gozi)
ssdeep 12288:rqru80paIRPWxvFzhzFIkoAIcYrIAfDE0cb1Yklllll/lllll7K10QUNI0H:rs0IIFWx9zlFIkoADY8kcbHlllll/llH
Threatray 1'626 similar samples on MalwareBazaar
TLSH T111C49D12B791E024E9B952788F75D9D8AA2D38215B3850CF39E13B9F0E396E39D35343
Reporter JAMESWT_WT
Tags:brt dll Gozi isfb Ursnif

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'807
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/181490/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Ursnif
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/13ddc147-dc5b-458f-ac06-9c2c2625b4b1
Result
Threat name:
Ursnif
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/837500
Signature
Found malware configuration
System process connects to network (likely due to code injection or exploit)
Writes or reads registry keys via WMI
Writes registry values via WMI
Yara detected Ursnif
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d/
Threat name:
Win32.Trojan.Ursnif
Create hunting rule
Status:
Malicious
First seen:
2021-08-23 11:58:06 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c
Gozi
181fe6714ebaff8c1855e8e1dbac545ffd160df0ec96ddf920c5155916b7111b
Gozi
46b5308d058e2dcd8e0868345d77a81abea0db8e0aa32a6b55e264fe18b7f577
Gozi
5d002f8a395fcc9a680a9ef4f78a8674cc0757850b02bf12a8ef4df79e2e4bd3
Gozi
5f65108386662cc4780882e06928dd940ea6c75235bf8e4c09079e6e40045326
Gozi
9164fdcb36a96b934a66b23da4101dc5a24ccc8807aeb12760132fe4e64c5a9a
Gozi
bd43f7bc23a76b086a81b8e6fcd4355cac648d3f7d9a941d9aa259def534d5b1
Gozi
c521dd937ce9b2e8bda2fa915bae5b5be0e150a8b82e3b2bfb1cdbc60a8326c4
Gozi
eb498648d17ad5250ab1f38b190dd2da8bfa8db3ee86054db991db79d15ad5cc
Gozi
+ 1'616 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210823-76vj2b1f52/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
cc89669a3ca75594456e91595e249f02e41a5b66d1f256a2281804c10ea13c23
MD5 hash:
6eb6ef0ed1b8b345412f9545571042e2
SHA1 hash:
b9a1945c04610ae72265c5da6ccfe29ca1a4c52e
Detections:
win_isfb_auto
Create hunting rule
Link:
https://www.unpac.me/results/70078b00-1474-4ff5-8cf5-28777e437d26/
Parent samples :
f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d
0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c
e4a5317a1b7c1ab91bb131dba5fea06fdb89e38c291e17f71b5c1634cfddecbe
a5540f6dd0f7761dd3f7e52f5e1d25332b99d95cccf63401d202406160948750
SH256 hash:
f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d
MD5 hash:
349b17e618164143782e1d8d506e21aa
SHA1 hash:
4296742cad27bdbed286f1df84c0f162ba216237
Link:
https://www.unpac.me/results/70078b00-1474-4ff5-8cf5-28777e437d26/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f28c1c6e9c3c394739a6d79e4d748941b9c0a3576d084380485aa8d807a2266d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/181490/

Comments