General
Target: Agenzia_Entrate.zip
Size: 6.2MB
Sample: 230307-r5legahh4x
MD5: a8c9d5897c142b17d66b1a5f5069cd97
SHA1: 92dc5129f1245a491ee4620fd444f9de1c2712ea
SHA256: a6b36cc075ec92cbb60edc6e8486f5bdbaea8d66b3e0475a5d4ea9898d4b20bd
SHA512: ad961aad2acc32b55c7dae6578539823739d4c11ef4b2d2b7d90c074e6a12a1f39453ce7a91c5b9712569365b25c4769328992e78f7fcf11c2fcf653a237fc19
SSDEEP: 196608:Fn8eL/NMx4iJ5RdTvwt/q3e00kwBCtkSk:F8KNW4I5RdTvwt/oe00dEy3

Static task: static1

Malware Config
Extracted: gozi
7709
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50

Targets
Target: Informazione_Azienda.exe
Size: 716.5MB
MD5: 6b2289e478ba947fcdf3162d7dfcc866
SHA1: 6ddee30e77c993cc3c7bd7448115b0910ac35f02
SHA256: 360662fe225833af7db84c550f8fb9f7afe7333a9b0e2ca436c9c242d9a87975
SHA512: b1334513bd3febd6e2408404fd63d3f59ed6261f28d045686b21ef7f71f9952affef9a72021f7a541fb6b689016c3344c8907a98dd7ce4d1ed9f32ca43f8aebe
SSDEEP: 24576:HJqQKnVYxHs6MxrRcnWOVY1st7Xm1KoY9x:QVYNs6yRc6stKR+

- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext