General
-
Target
das Dokument 04.21.2021.doc
-
Size
102KB
-
Sample
210423-v7qzwrnh4a
-
MD5
a31cb5bd816f16fa42d99efd1d52e81e
-
SHA1
95a943dab283fd669b89eeeceb9f154087a0e1c4
-
SHA256
443219b236712fc05b5b5033a5893e9b91d952a83a9a4825cac4b06d5f96c31b
-
SHA512
6d2754c5bea256ef3d52995b82208adc52d602856fa9b4dd2015c6d2c62f0d25f1da05a41a6c64818e38951083b2c42a464bfb1014b64839a2240fd6a8dae121
Malware Config
Extracted
gozi_ifsb
4460
1.microsoft.com
horulenuke.us
vorulenuke.us
-
build
250190
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Targets
-
-
Target
das Dokument 04.21.2021.doc
-
Size
102KB
-
MD5
a31cb5bd816f16fa42d99efd1d52e81e
-
SHA1
95a943dab283fd669b89eeeceb9f154087a0e1c4
-
SHA256
443219b236712fc05b5b5033a5893e9b91d952a83a9a4825cac4b06d5f96c31b
-
SHA512
6d2754c5bea256ef3d52995b82208adc52d602856fa9b4dd2015c6d2c62f0d25f1da05a41a6c64818e38951083b2c42a464bfb1014b64839a2240fd6a8dae121
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-