General
Target: documenti.zip
Size: 478B
Sample: 230308-jq7edseg29
MD5: 6819542f5ba2af5646bd5b5dda64daa4
SHA1: d52e092cf7c92d257dc0553321b322931b582ac2
SHA256: cac82566e9167dc82b09308d05194bfc1ce6441a27b51756024c8b6477d75401
SHA512: 6eab608b4db4aa9811d0428e2d753f84e8b0814af2840222bf83ad39f052560438c1740d7181a189711d255e5b832191724d4734f0df832d62b6102226a6f2e9
Static task: static1
Behavioral task: behavioral1
Sample: documenti/documenti.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7711
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: documenti/documenti.url
Size: 191B
MD5: c57ce09111a84d1110b24a8505ff5804
SHA1: 9fd1e2577f10a24c2678803e073d35e41b551eb2
SHA256: 257413c17f63500a76f9d0216a8dee283021299a61dc0539e6e870fd5d78177b
SHA512: 71cf1e5d069a75be84cfcaf82479fb037e75055c05e94ad212453769288b1e3b194156fad802619b0850c9e9abb3c045600779de234b8b51505b1a54f46b7c84
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.