General
-
Target
Information_12761.xlsb
-
Size
98KB
-
Sample
210210-bw6l62jgme
-
MD5
2ec72f5e2212c6b28398c63262dea005
-
SHA1
7c457be5bd44fcb6ede6a53ca33071a55555ed2c
-
SHA256
52b330f16d858c74fef8c1b1917d8db589fc58965d076ec8ed31d9592f534b88
-
SHA512
d641491b34c741cb1492a5a11e03e3a2a30460a44fdaebd8312fbd6d2036b0a1ef7e4f0e2d604b31e452f6f3433d84ced34c51fd1c844e720b8ca2a8d265425a
Behavioral task
behavioral1
Sample
Information_12761.xlsb
Resource
win7v20201028
Malware Config
Extracted
http://135.181.84.1/campo/p/p
Extracted
gozi_ifsb
2200
api10.laptok.at/api1
golang.feel500.at/api1
go.in100k.at/api1
-
build
250171
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
Targets
-
Target
Information_12761.xlsb
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-