General
-
Target
impresa.zip
-
Size
465B
-
Sample
230308-jpbw4aec6s
-
MD5
6cb213ffca1cae480757990e6ec59b59
-
SHA1
fc13c7741afeb9535031d2cd85c8fcccec990e6b
-
SHA256
b883d0faf8a9f2396a311b6005ab68073ff0e6a09cafbdc7b58a8439d52409a1
-
SHA512
3621b9bf8509a039b7b7f9c8a73ddad0542b84c273b30d899a10a0d5edab46f6b12441b3f4a381c7dce3ef46812cfa9252101f7f77bdf1c6a2f39e4c72c1c0db
Static task
static1
Behavioral task
behavioral1
Sample
impresa/impresa.url
Resource
win7-20230220-en
Malware Config
Extracted
gozi
7711
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
impresa/impresa.url
-
Size
191B
-
MD5
361301f6ad56d5f44ed70afcbf223df0
-
SHA1
1195b135d96ee1214531ba0c6146318f2524bea8
-
SHA256
2362e52e347d77a6b101b80057d9770e44a44599889385a83822625901631583
-
SHA512
394a2f7d97b7bd70e5827f0294deaee00a710fe931fad8a964ca6f694997de61a3dbd3f63e57a2f119733ea2150c5b1379a4f92b0d871f9714317cc67d9c8284
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-