General
Target: azienda.zip
Size: 467B
Sample: 230302-m3erpace95
MD5: ce158f81a7c100c9d29fd8ddf40e074d
SHA1: ff6fc8a0a18d80e26cab73802dc8aa4d3b287324
SHA256: c012156914003f60744671be38a8758aadc9aa3431d60ad8a1a05577c76ced1e
SHA512: 42dd7d20fb50a608bda80cb99c82ad6e11fc8426972535392e4198e13dfe1384e80572c9ae2236b4cfd02b8f71b532b2d7bf9dfa0fd8217491ac40cf91ca1b54
Static task: static1
Behavioral task: behavioral1
Sample: azienda/azienda.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7709
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Extracted
gozi
Targets
Target: azienda/azienda.url
Size: 192B
MD5: 7c979eb1d63d67578329c6c9265046ef
SHA1: da995fa37d041a53c5f510370c314737ad1c23cc
SHA256: 6537bdbd6b350022b95421209e5eb8cfd851a556904dd5b7b8a9189b21d40efb
SHA512: 617b46a391ac42a93f68e4b4739a0ff9516d73e9761e6a4bc8194b6bb3d633350dcadc29d89bab179953c0908e526ea2a409fc6425c30fdd893a9b1d40c855a3
Checks computer location settings
Looks up country code configured in the registry, likely geofence.