General
Target: 0DIhwed2_g4MWK8097.zip
Size: 298KB
Sample: 210914-yyj2dsgcb7
MD5: 750965e0f495513cb3c99d422f770c8d
SHA1: 1526639b65b4dd208d2c6d118cc80b792bffbc8b
SHA256: 6284645bd98d27e05650ff3a09af5a013e9970ecd7471116ec77365eed375cf5
SHA512: 49a42d2993af8165a78440fbfc00422c071e25b09f4eff290fe08e8f2add285e1366ffe51f0310eb7a14501aa4cf38bdd321ff22eba96b1ca275dca9f05553c9
Behavioral task: behavioral1
Sample: Bill[8097].xlsb
Resource: win7-en

Malware Config
Extracted: http://94.140.115.233
Extracted: gozi_ifsb
  1500
  atl.bigbigpoppa.com
  pop.urlovedstuff.com
  build: 250211
  exe_type: loader
  server_id: 580
Targets
Target: Bill[8097].xlsb
Size: 307KB
MD5: 7443f90c24a84c39814f305fbad23030
SHA1: e871da2d5a3cd9f88d4cccb26971036e70891963
SHA256: 580523804caad17ee6aaa56bd42d2525150a3970e790396b9131519df88366b9
SHA512: aa68e34d3a72e49b32f77555ef32890dfae203429a824098c55d3cd55af6a70347f56a6408121909e966a6408352142abce42efb0239c1e2126850c2d4aa36ef
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL