General
-
Target
ef10953eb52b6f02587b99cfc4233603a6f63e653a71ab9d41c6ba66d2f199c6
-
Size
716KB
-
Sample
220201-kr78raccg8
-
MD5
fd2b80c12744d7e6cc6d74888f006e02
-
SHA1
34e39cab67be1fc2964d7295290c7d79832ecf13
-
SHA256
ef10953eb52b6f02587b99cfc4233603a6f63e653a71ab9d41c6ba66d2f199c6
-
SHA512
82d6089b57466fba81d9038136839390d74383f7566a31aaace1cc55907042079089e53c00edba649a98126edb57775dafde4b80da642a739226c133f18548b8
Behavioral task
behavioral1
Sample
ef10953eb52b6f02587b99cfc4233603a6f63e653a71ab9d41c6ba66d2f199c6.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ef10953eb52b6f02587b99cfc4233603a6f63e653a71ab9d41c6ba66d2f199c6.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
gozi_ifsb
1500
gtr.antoinfer.com
app.bighomegl.at
-
build
250211
-
exe_type
loader
-
server_id
580
Targets
-
Target
ef10953eb52b6f02587b99cfc4233603a6f63e653a71ab9d41c6ba66d2f199c6
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-