General
Target: contratto.zip
Size: 481B
Sample: 230123-mmplysee8w
MD5: e448aee32a619ddcf5944181c1b09045
SHA1: 1ef4517d43f60aa015b540c704f5c29db4001ca8
SHA256: aaf8dada953bf6b8e815b4f9d312ab86f6c21ddb10c82a274ca1d95ca54d1feb
SHA512: 2e1de9297f95a13df450e8c6c09075748af6e808ad83e50d90ea995af4310f1cb0336257eb4f2955385719a40aa9a26cea94fd54c6881ae698520184b055c16f
Static task: static1
Behavioral task: behavioral1
Sample: contratto/contratto.url
Resource: win7-20221111-en
Malware Config
Extracted
gozi
7707
checklist.skype.com
62.173.149.10
31.41.44.27
193.0.178.235
base_path: /drew/
build: 250250
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: contratto/contratto.url
Size: 196B
MD5: 582020c54921b9635ea54ddefbf44431
SHA1: 4e6e4537fd7c4de2a664e559c08fe2142adb8319
SHA256: c66981ec7d3867d2481ac3ba2cd40f63fdc29782de6d6cbc88fff9376d71d1d3
SHA512: df7d2e19d905bb00024c225d1bd83a4fd8617b9e23d5726721a05201b438f7ce9254b56fc7a4f58843faf174f5d71f351750ea6e7ea7fa11e3cc66b442715cf4
Checks computer location settings
Looks up country code configured in the registry, likely geofence.