General
Target: enjoin-06.21.doc
Size: 49KB
Sample: 210614-hmxynrqf9e
MD5: 68f3731796cce6ce450d1b9e05093b2a
SHA1: 9ccac54605eb3b0aa365cb359f6c71cb0a912fb8
SHA256: b794fe749ab133b1a4197cd713c0d8e70723058e5c2d3df57b553475c12e42a8
SHA512: ebd6e06b28ccb3a03d463da8d343a79ba31fc0b30424be972a520f5352561ddc4121f0a81744c30b80fb2c18660078c0ea72f0b22303ce2b7c68614c0124592b
Static task
static1
Behavioral task
behavioral1
Sample: enjoin-06.21.doc
Resource: win7v20210410
Behavioral task
behavioral2
Sample: enjoin-06.21.doc
Resource: win10v20210408
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
build: 250204
exe_type: loader
server_id: 580
Targets
Target
enjoin-06.21.doc
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL