General
-
Target
docs,06.21.doc
-
Size
50KB
-
Sample
210623-3xhp1q5k9s
-
MD5
a75fa282ba05937f43c4425e548f1d5c
-
SHA1
565ca43482c76d02eb4f5e55deb2af53dfa3b8db
-
SHA256
266d88e6796be43f470e11e7da3fb0f63127dc747513d297c50d75148b353602
-
SHA512
6343c053c5cca9f6e4b9e4b157c19aba9c47cc1722e4b8a158009cce7c7a8cb88dc3cbb95581888c76fd708c1d8c212dca1a5dc9a393594957fb7f6602c119f5
Malware Config
Extracted
gozi_ifsb
6000
gtr.antoinfer.com
app.bighomegl.at
-
build
250204
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
docs,06.21.doc
-
Size
50KB
-
MD5
a75fa282ba05937f43c4425e548f1d5c
-
SHA1
565ca43482c76d02eb4f5e55deb2af53dfa3b8db
-
SHA256
266d88e6796be43f470e11e7da3fb0f63127dc747513d297c50d75148b353602
-
SHA512
6343c053c5cca9f6e4b9e4b157c19aba9c47cc1722e4b8a158009cce7c7a8cb88dc3cbb95581888c76fd708c1d8c212dca1a5dc9a393594957fb7f6602c119f5
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-