General
-
Target
order-06.010.2021.doc
-
Size
45KB
-
Sample
210610-sw142msnwx
-
MD5
08bfdea676168b15bcbc8d1dfef36e77
-
SHA1
e07427f180773ef0b2709298c276e70dcac94058
-
SHA256
fa822b09cf153f7e38073e0f6a78795af2ec6620d0fd4a88d0b9226f0a0c3448
-
SHA512
a6bc65a833c4f5f1ba9148d5a324773f6bcaf609ee0a541e42bcbdf41fb826491861cc304809626dfd4c1bca026ace9bc910726a90dba861363e3e40571ab4f6
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
-
build
250204
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
order-06.010.2021.doc
-
Size
45KB
-
MD5
08bfdea676168b15bcbc8d1dfef36e77
-
SHA1
e07427f180773ef0b2709298c276e70dcac94058
-
SHA256
fa822b09cf153f7e38073e0f6a78795af2ec6620d0fd4a88d0b9226f0a0c3448
-
SHA512
a6bc65a833c4f5f1ba9148d5a324773f6bcaf609ee0a541e42bcbdf41fb826491861cc304809626dfd4c1bca026ace9bc910726a90dba861363e3e40571ab4f6
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-