General
Target: comando 03.15.2021.doc
Size: 75KB
Sample: 210316-yp8hdpl5p6
MD5: 1e5bb5d9b94de2f57603021d57125d9a
SHA1: f311e990f90496803bf17c49381ad9712895eea2
SHA256: b5fcda8806def3e51537b8b94012bca05057f162dc0a3b8ed6609df4939f359a
SHA512: b052291e360c737d6b18407d28d0f435be48224c8ecef5557e3c736e06614ad253ab67ed7edd1e656c5ef9eead31dfbd7a84a0eb6707bd312139599cd085ef92
Static task: static1
Behavioral task: behavioral1
Sample: comando 03.15.2021.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: comando 03.15.2021.doc
Resource: win10v20201028
Malware Config
Extracted
gozi_ifsb
5500
windows.update.com
shop.microsoft.com
fraloopilo.xyz
paladingrazz.xyz
build: 250177
dga_season: 10
exe_type: loader
server_id: 12
Targets
Target: comando 03.15.2021.doc
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-