General
Target: ordain.06.21.2021.doc
Size: 49KB
Sample: 210621-9vqvyrxbas
MD5: 13731c9cb360c300137bcb1779267f41
SHA1: cf816dc25baf65c92550452e3abe7f871af7f55a
SHA256: 89816b893e66ff5eb9a42c14a2223e451e178c944438365ccecc9a8d1d64e6e8
SHA512: 819e65feef603801ef28fd17a986085df277e5cb36c701a2471c00a4714ce51e376f4644ff9c264222bd35ec7192d4f62675673570a8633e330d337b921c1756
Static task: static1
Behavioral task: behavioral1
Sample: ordain.06.21.2021.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: ordain.06.21.2021.doc
Resource: win10v20210408
Malware Config
Extracted
gozi_ifsb
6000
authd.feronok.com
app.bighomegl.at
build: 250204
exe_type: loader
server_id: 580
Targets
Target: ordain.06.21.2021.doc
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL