General
Target: globalCounter.hta
Size: 2KB
Sample: 210614-z77rh36xmx
MD5: a10cc5c493b3ebc1f075424e146e92f0
SHA1: 1ccaa12aae57ee57c36db36d5eb315373bcadb6c
SHA256: 3b5b0403702eb792bae7f736afdfb7474d83a1ee471c334e9988926d3cf420ae
SHA512: 148c03979dedb4b24ca88dad4b0d4d7ea6409febd34921044fa37be016632bb0267c737ef2b0d3da317010f0a868ced277ec632868cd8810fdc80646260adcdd
Static task: static1
Behavioral task: behavioral1
Sample: globalCounter.hta
Resource: win7v20210408
Behavioral task: behavioral2
Sample: globalCounter.hta
Resource: win10v20210410
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
build: 250204
exe_type: loader
server_id: 580
Targets
Target: globalCounter.hta
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL