MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gozi


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c
SHA3-384 hash: b81daef74de21d6514daa639411c0bd1610e3e6c334ffb5cffc5f2509588bed6bca9e9de300d765c848de665d70cf8eb
SHA1 hash: 05fa40fd0f443d5f591cdc024a344f0eb10c5d46
MD5 hash: 938b8214395f3dde41c1646af5558dcf
humanhash: river-three-missouri-network
File name:SecuriteInfo.com.Variant.Johnnie.260029.31647.5696
Download: download sample
Signature Gozi
Create hunting rule
File size:325'120 bytes
First seen:2020-07-04 08:41:55 UTC
Last seen:2020-08-02 07:32:37 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash bddf7b3124a30252fae2e2cbce9a42ac (1 x Gozi)
ssdeep 6144:nQ4mbmV4IGBNI4qwComccVVWLd5inaUObpbP:Obm6FbI8Co1cVVEXOHIbP
Threatray 663 similar samples on MalwareBazaar
TLSH 2064BE113BE59035F27F0739497A86204EBDFDA28930C9CB67C1690E0A771C1E7A6B67
Reporter SecuriteInfoCom
Tags:Gozi

Intelligence

File Origin
# of uploads :
4
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/20080/
Detection(s):
SecuriteInfo.com.Variant.Johnnie.260029.31647.5696.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c/
Threat name:
Win32.Trojan.DanaBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 09:51:23 UTC
File Type:
PE (Dll)
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
1bd323c57344a8b38ac22ceec92707ba3b6a30d29b66fc32e163649ea7de8a0f
Gozi
4069689f46e160bb37d2fed931b8aa255f1cc8df5161ae0f5ed67c6bc3ce545d
Gozi
481659d344a246a19eb516b01ea71e074e893f6ab4ba9de11c24fba15a8ec9fc
Gozi
59b5aaa1b9d1225610007636ef70dec8f0f1889661d12690d02494718f7df54b
Gozi
659812b78542044d9ebb46743ecda037762a71a49f05322d5fa9bd8b3337d0d4
Gozi
73872d1c97da41772d51fec33613cc1de32b27b43ec5135d1a1c357de5fb9d77
Gozi
73926cf57488263db6454fecf95436c25aa581ad1c353c135dc3d8e258be2f8d
Gozi
8421811ca6b95b3a4f3610184af94f4295a57cc7aaca20062dd42acd76186733
Gozi
8ce9c42220de87bf0dedab305d7874d286726ac18bae834c80e0d6eba8438df7
Gozi
be14ed801453c78d6c80992705cfe0e7eb03f808d2b28704ffa2925cdc46fdc9
Gozi
+ 653 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200704-6ywwgwccbj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gozi

DLL dll fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/407601/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/20080/

Comments