General
- Target: c04c112d33bdc2f8f333e9d64e4b8a7daa14d3f6df84e5c3860866af48a1421d.doc
- Size: 526KB
- Sample: 220408-p8kagahger
- MD5: b3a054e49f4d87490a8208a801567112
- SHA1: d038a9bc0564167a299abe43382eb6c3ef6ee88e
- SHA256: c04c112d33bdc2f8f333e9d64e4b8a7daa14d3f6df84e5c3860866af48a1421d
- SHA512: b9082cc341e8b85c4755095e741cc1e83f79194d8bc801cf97933fac712e9d3198409534fcb76f011f97c0b8e88f03a164d37791020f9e75503e5713e859440d
Static task
static1
Malware Config
Extracted
gozi_rm3
- build: 300994
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.