General
Target: new_offer[2021.09.23_12-51].xlsb
Size: 577KB
Sample: 210923-tcvtjsegg3
MD5: f8baa37fe058abfc4961dd2861f8cff7
SHA1: 0803db1ace419c076502c5cb2dc515192a543a49
SHA256: 33bef7886db16838071d3294ddfa4413b13af1f3927ed429e9416a836d5759d0
SHA512: 31cddc3c2268bb890a8454486d4d265608a42e9faca7bcb6e5fbdc876122cb69e95989f361f8e7accf2ad384e31503905b8560d135b1be780de3cb2434cc7f9d
Static task
static1
Behavioral task
behavioral1
Sample
new_offer[2021.09.23_12-51].xlsb
Resource
win7-en-20210920
Malware Config
Extracted
https://iqwasithealth.com/wp-content/uploads/2019/06/a435gfhs109.cms
Extracted
gozi_ifsb
1500
apt.updateffboruse.com
app.updatebrouser.com
build: 250211
exe_type: loader
server_id: 580
Targets
-
-
Target
new_offer[2021.09.23_12-51].xlsb
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL