General
-
Target
af538c3dc01f29b373d6b4b190f1e4cf447709a4.doc
-
Size
50KB
-
Sample
210623-fx1s71m9yx
-
MD5
523ce06884c863bc132f5cf5efa9634e
-
SHA1
af538c3dc01f29b373d6b4b190f1e4cf447709a4
-
SHA256
9f4d687e8837346164d619f61e0d1354edfb080478e5bededcb652f0063af610
-
SHA512
4353927ad417c7c414f56e1440e69a718a08805802a204a48314d910d0b8827f332aa1bfc77175b80b59c6321f518ef2749dbdaf410c34993e775f27d32b8c6e
Malware Config
Extracted
gozi_ifsb
6000
gtr.antoinfer.com
app.bighomegl.at
-
build
250204
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
af538c3dc01f29b373d6b4b190f1e4cf447709a4.doc
-
Size
50KB
-
MD5
523ce06884c863bc132f5cf5efa9634e
-
SHA1
af538c3dc01f29b373d6b4b190f1e4cf447709a4
-
SHA256
9f4d687e8837346164d619f61e0d1354edfb080478e5bededcb652f0063af610
-
SHA512
4353927ad417c7c414f56e1440e69a718a08805802a204a48314d910d0b8827f332aa1bfc77175b80b59c6321f518ef2749dbdaf410c34993e775f27d32b8c6e
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-