SHA256 · Medium · Signal 99/100
061c271c0617e56aeb196c834fcab2d24755afa50cd95cc6a299d76be496a858
Location
First Seen
Mar 19, 2023
Last Seen
Apr 29, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
9 source reports · 99% confidence score
Category tags
aaaaabuseactive scanactive scanningalienvault_ransomwareapc injectionapisassociated urlsattackbad reputationbboxblackbotnetbotnet activitybrute forcebypasscalls-wmick idck matrixclassclickclick-based attackclosecnamecobalt strikecommandcommand and controlconfigcorecreation datecredential accesscredential stuffingcryptocryptocurrencycryptocurrency threatscryptojackingdata encryptiondata exfiltrationdata store exposureddosdefense evasiondesktopdirect-cpu-clock-accessdistributed attacksdos modeencryptionentrieseuropeevasion defenseexecutable fileexploitation activityextortionextra windowfailedfalsefilefile-hashfinalfinancefolderformatfoundftp brute forcegozigozi isfbgozi itagozi jjgozi smbgreenhellokittyhttp attackhttp brute forcehybrididentity & access exploitationim relatedindicatorinformation retrievalinjection activityiot securityita mefita ursniflearnlittlemalmalicious activitymalicious linksmalicious softwaremalwaremarkmaskmef misememorymitre attmobile threatname tacticsnetherlandsnetwork communicationnetwork reconnaissancenetwork relatednetwork scanningoperating systemothuumoverlaypassword attackpattern matchpeexeperuphishingpresent junprocessprocess injectionransomwareratsrebirthreconnaissanceremote accessremote servicesresearchedresource hijackingrevenue agencyri falsekrlengthrun keysruntime-moduless.ashxsearchsecurity toolsserviceshellcodeshellcode danceshow techniquesocial engineeringsouth americaspyware activity detectedspyware/information retrieval activityssh attackstartstatusstreamstringsstrongswedensyn scansystem disruptiont1001t1003t1005t1021t1021.001t1027t1036t1041t1046t1053t1055t1056t1057t1059t1059.001t1060t1069.001t1071t1071.001t1076t1078t1082t1089t1090t1105t1107t1110t1110.002t1113t1114t1129t1189t1190t1204t1204.001t1204.002t1480t1486t1489t1490t1491t1496t1497t1499.002t1499.003t1530t1560t1563t1565t1566t1567t1569.002t1573t1590t1595t1595.001t1595.002t1595.003tcp scanthreat actortor nodeudp scanunitedursnifursnif zipuser executionweb securitywin32 
malwarewindowwindow memorywindowswindows malwarexmpgxobject
Activity Timeline
Apr 29 to Apr 29
Threat Activity Heatmap · Peak: 2026-04-29
Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 99
Confidence: 99%
Reports: 9
First seen: Mar 19, 2023
Last seen: Apr 29, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (GUI) Intel 80386, for MS Windows
- references
- https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi, https://threatfox.abuse.ch/browse/malware/win.gozi/, https://bazaar.abuse.ch/browse.php?search=signature%3AGozi, www.alertasyseguridad.com, https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/gozi-italian-shellcode-dance, 2719879.misp-json, https://t.me/certagid/447, https://cert-agid.gov.it/wp-content/uploads/2023/03/ursnif_agenzia-entrate_01-03-2023.json_.txt, https://t.me/certagid/449, https://design.stellrit.com/impresa/Agenzia.ppa, https://fortdelgres.com/impresa/Direzione.ppa, https://ultradroneafrica.com/impresa/Agenzia.ppa, https://fortdelgres.com/impresa/, https://uzuri-shop.com/impresa/Agenzia.ppa, https://ultradroneafrica.com/impresa/AgenziaEntrate.ppa, https://uzuri-shop.com/impresa/Marzo.ppa, https://oneweekday.com/impresa/Agenzia_Entrate.ppa, https://uzuri-shop.com/impresa/contratto.ppa, https://ultradroneafrica.com/impresa/Direzione.ppa, https://samikshashetty.com/impresa/cliente.ppa, https://alligatorplataformas.com/impresa/, https://clublameute.com/impresa/Agenzia.ppa, https://ultradroneafrica.com/impresa/Marzo.ppa, https://ultradroneafrica.com/impresa/azienda.ppa, https://clublameute.com/impresa/azienda.ppa, https://solonotizie.com/impresa/AgenziaEntrate.ppa, https://samikshashetty.com/impresa/impresa.ppa, https://design.stellrit.com/impresa/impresa.ppa, https://juba-web.com/impresa/AgenziaEntrate.ppa, https://samikshashetty.com/impresa/Marzo.ppa, https://samikshashetty.com/impresa/, https://design.stellrit.com/impresa/cliente.ppa, https://fortdelgres.com/impresa/Marzo.ppa, https://fortdelgres.com/impresa/AgenziaEntrate.ppa, https://fotografogianpaolosoldatini.com/impresa/AgenziaEntrate.ppa, http://109.248.11.15/network.exe, https://alligatorplataformas.com/impresa/documenti.ppa, https://medicalbillingandtelehealth.com/impresa/impresa.ppa, https://solonotizie.com/impresa/impresa.ppa, https://fotografogianpaolosoldatini.com/impresa/Marzo.ppa, 
https://fortdelgres.com/impresa/documenti.ppa, https://juba-web.com/impresa/Marzo.ppa, https://solonotizie.com/impresa/Marzo.ppa, https://alligatorplataformas.com/impresa/contratto.ppa, https://mbal-karlovo.com/impresa/Marzo.ppa, https://medicalbillingandtelehealth.com/impresa/Agenzia_Entrate.ppa, https://mbal-karlovo.com/impresa/Agenzia_Entrate.ppa, https://solonotizie.com/impresa/Agenzia_Entrate.ppa, https://oneweekday.com/impresa/impresa.ppa, https://ultradroneafrica.com/impresa/cliente.ppa, http://191.101.2.39/installazione.exe, https://uzuri-shop.com/impresa/Agenzia_Entrate.ppa, https://samikshashetty.com/impresa/azienda.ppa, https://samikshashetty.com/impresa/Direzione.ppa, https://uzuri-shop.com/impresa/AgenziaEntrate.ppa, https://mbal-karlovo.com/impresa/Agenzia.ppa, https://oneweekday.com/impresa/cliente.ppa, https://uzuri-shop.com/impresa/impresa.ppa, https://oneweekday.com/impresa/Marzo.ppa, https://ultradroneafrica.com/impresa/Agenzia_Entrate.ppa, https://medicalbillingandtelehealth.com/impresa/documenti.ppa, https://mbal-karlovo.com/impresa/contratto.ppa, https://design.stellrit.com/impresa/, https://juba-web.com/impresa/Agenzia_Entrate.ppa, https://design.stellrit.com/impresa/Direzione.ppa, https://oneweekday.com/impresa/Agenzia.ppa, https://design.stellrit.com/impresa/azienda.ppa, https://alligatorplataformas.com/impresa/AgenziaEntrate.ppa, https://uzuri-shop.com/impresa/, https://solonotizie.com/impresa/Direzione.ppa, https://juba-web.com/impresa/Direzione.ppa, https://medicalbillingandtelehealth.com/impresa/AgenziaEntrate.ppa, https://clublameute.com/impresa/documenti.ppa, https://alligatorplataformas.com/impresa/impresa.ppa, https://fortdelgres.com/impresa/contratto.ppa, https://design.stellrit.com/impresa/AgenziaEntrate.ppa, https://fotografogianpaolosoldatini.com/impresa/Agenzia.ppa, https://fotografogianpaolosoldatini.com/impresa/azienda.ppa, https://mgjbctzn.page.link/KKau9RoY11uK7D1t6, https://medicalbillingandtelehealth.com/impresa/, 
https://alligatorplataformas.com/impresa/cliente.ppa, https://alligatorplataformas.com/impresa/Direzione.ppa, https://mbal-karlovo.com/impresa/Direzione.ppa, https://design.stellrit.com/impresa/contratto.ppa, https://fotografogianpaolosoldatini.com/impresa/impresa.ppa, https://uzuri-shop.com/impresa/Direzione.ppa, https://uzuri-shop.com/impresa/azienda.ppa, https://mbal-karlovo.com/impresa/impresa.ppa, https://alligatorplataformas.com/impresa/Marzo.ppa, https://solonotizie.com/impresa/Agenzia.ppa, https://ultradroneafrica.com/impresa/impresa.ppa, https://juba-web.com/impresa/azienda.ppa, https://design.stellrit.com/impresa/Marzo.ppa, https://fortdelgres.com/impresa/Agenzia_Entrate.ppa, https://ultradroneafrica.com/impresa/documenti.ppa, https://mbal-karlovo.com/impresa/azienda.ppa, https://mbal-karlovo.com/impresa/documenti.ppa, https://samikshashetty.com/impresa/documenti.ppa, https://fortdelgres.com/impresa/Agenzia.ppa, https://clublameute.com/impresa/contratto.ppa, https://fortdelgres.com/impresa/azienda.ppa, https://hlqpuoio.page.link/6wkBdygP4eh4mob76, https://medicalbillingandtelehealth.com/impresa/contratto.ppa, https://samikshashetty.com/impresa/contratto.ppa, https://fotografogianpaolosoldatini.com/impresa/, http://109.248.11.155/network.exe, https://samikshashetty.com/impresa/Agenzia.ppa, https://samikshashetty.com/impresa/AgenziaEntrate.ppa, https://juba-web.com/impresa/Agenzia.ppa, https://clublameute.com/impresa/impresa.ppa, https://fotografogianpaolosoldatini.com/impresa/documenti.ppa, https://solonotizie.com/impresa/cliente.ppa, http://gplongxuyen.org/connect/index.php, https://mbal-karlovo.com/impresa/AgenziaEntrate.ppa, https://clublameute.com/impresa/, https://juba-web.com/impresa/cliente.ppa, https://oneweekday.com/impresa/, https://fotografogianpaolosoldatini.com/impresa/Direzione.ppa, https://oneweekday.com/impresa/documenti.ppa, https://fotografogianpaolosoldatini.com/impresa/contratto.ppa, 
https://medicalbillingandtelehealth.com/impresa/Direzione.ppa, https://uzuri-shop.com/impresa/documenti.ppa, https://solonotizie.com/impresa/azienda.ppa, https://oneweekday.com/impresa/Direzione.ppa, https://fotografogianpaolosoldatini.com/impresa/Agenzia_Entrate.ppa, https://alligatorplataformas.com/impresa/azienda.ppa, https://fotografogianpaolosoldatini.com/impresa/cliente.ppa, https://medicalbillingandtelehealth.com/impresa/Agenzia.ppa, https://clublameute.com/impresa/cliente.ppa, https://design.stellrit.com/impresa/documenti.ppa, https://juba-web.com/impresa/documenti.ppa, https://mbal-karlovo.com/impresa/, https://ultradroneafrica.com/impresa/, https://juba-web.com/impresa/impresa.ppa, https://juba-web.com/impresa/, https://fortdelgres.com/impresa/cliente.ppa, https://clublameute.com/impresa/Marzo.ppa, https://uzuri-shop.com/impresa/cliente.ppa, https://fortdelgres.com/impresa/impresa.ppa, https://alligatorplataformas.com/impresa/Agenzia_Entrate.ppa, https://solonotizie.com/impresa/documenti.ppa, https://medicalbillingandtelehealth.com/impresa/cliente.ppa, https://medicalbillingandtelehealth.com/impresa/Marzo.ppa, https://oneweekday.com/impresa/contratto.ppa, https://juba-web.com/impresa/contratto.ppa, https://medicalbillingandtelehealth.com/impresa/azienda.ppa, https://mbal-karlovo.com/impresa/cliente.ppa, https://clublameute.com/impresa/AgenziaEntrate.ppa, https://oneweekday.com/impresa/AgenziaEntrate.ppa, https://samikshashetty.com/impresa/Agenzia_Entrate.ppa, https://oneweekday.com/impresa/azienda.ppa, https://clublameute.com/impresa/Direzione.ppa, https://design.stellrit.com/impresa/Agenzia_Entrate.ppa, https://solonotizie.com/impresa/, https://rghhkoso.page.link/WdZqP4DqSkCupJMD7, http://primusth.com/connect/index.php, http://asaims.co/connect/index.php, https://nwspbvqo.page.link/JEkkrjjq7AVeTrGa8, https://clublameute.com/impresa/Agenzia_Entrate.ppa, https://solonotizie.com/impresa/contratto.ppa, https://ultradroneafrica.com/impresa/contratto.ppa
IOC Journey
Confidence: medium · First detected 3 years ago · Last seen 1 month ago
Appeared in 9 threat reports