General
Target: 42.zip
Size: 37KB
Sample: 210618-3w4mz76yex
MD5: f5ade1ac71bd71da1f08b480cd939edd
SHA1: ee438b4fb9ccc4039552b87b79d8542bbdbabc93
SHA256: 4d49ae7c236083099228b2bb42288560a7110face080ea63e20fe25c99840744
SHA512: aaa2ee4f168a958c25d6881b0398f82131babd577f50fef747eba1a284b8282cb220ca9611c80d6538c65dd9865a0cd55292e04b16e4ae417d4d8d493a80628a

Static task: static1

Behavioral task: behavioral1
Sample: fd18a646bd32938babf115e7b5eacb30e39630779520f6df26924b7c6513995c.bin.doc
Resource: win7v20210410

Behavioral task: behavioral2
Sample: fd18a646bd32938babf115e7b5eacb30e39630779520f6df26924b7c6513995c.bin.doc
Resource: win10v20210410

Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
build: 250204
exe_type: loader
server_id: 580

Targets
Target: fd18a646bd32938babf115e7b5eacb30e39630779520f6df26924b7c6513995c.bin
Size: 45KB
MD5: cf6d17f7df9d3702c297b9f54bb5c571
SHA1: d554fe56cf733ccb72cf3581b53ec2fcb60106a8
SHA256: fd18a646bd32938babf115e7b5eacb30e39630779520f6df26924b7c6513995c
SHA512: f7f069e30042ac9e4334d0279517bd7b24ba982d38a216405ad58762888c6bd9037eaa8ce69333b1fd7638eb77f6b66df45bcad4d407361e22001b5f64045534

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Downloads MZ/PE file

Loads dropped DLL