General
-
Target
material_06.21.doc
-
Size
49KB
-
Sample
210614-9m1dd9cgws
-
MD5
90f830f394798beeab08062829ad1103
-
SHA1
14ae965eadf99d78177ca24544de9f7b1d35a744
-
SHA256
54f88a13720f577d84c6e97491f588e7c79b4b6e9df490faef663de2c19cc12c
-
SHA512
4f141b38a11ab279d981ac944ba9fb0e3614cfaabd30dccb8ae0f3859a0c904bf1c5089060311efced85becfb3b88954c33a1712aae3e2b3566432eb49cd4f76
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
-
build
250204
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
material_06.21.doc
-
Size
49KB
-
MD5
90f830f394798beeab08062829ad1103
-
SHA1
14ae965eadf99d78177ca24544de9f7b1d35a744
-
SHA256
54f88a13720f577d84c6e97491f588e7c79b4b6e9df490faef663de2c19cc12c
-
SHA512
4f141b38a11ab279d981ac944ba9fb0e3614cfaabd30dccb8ae0f3859a0c904bf1c5089060311efced85becfb3b88954c33a1712aae3e2b3566432eb49cd4f76
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-