General
-
Target
direct.06.21.doc
-
Size
45KB
-
Sample
210618-dn6q59kmne
-
MD5
fd6e7c4dc800744dd6fa8978e53f6d06
-
SHA1
cf3f4b86884bd1e09829d4b6068bba85fa38678a
-
SHA256
80716bed129a179e1774b3d825fbb7348369acba937005e32dc3577684bc6425
-
SHA512
ceb2a7abfe7aceef7ff87f14a970055d1cb99cf8aa082a94ad29bee3fc9f3e7e4fba316a6eaffefdd1516c455353119de39965d774a21216124e4fdec1db97af
Static task
static1
Behavioral task
behavioral1
Sample
direct.06.21.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
direct.06.21.doc
Resource
win10v20210410
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
-
build
250204
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
direct.06.21.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Downloads MZ/PE file
-
Loads dropped DLL
-