General
-
Target
cliente.zip
-
Size
465B
-
Sample
230308-js5ctaec7z
-
MD5
a25fd6398652e6f3e8b8b52ad56ccd45
-
SHA1
09853ef46474583df92630d5ed6d517e32b5cc85
-
SHA256
6a11b49472e5ea497098f11ab66bde3fb6fa1a6762b73cf08f1dfa83efae22e6
-
SHA512
06a6c067891ffb2d4d319162bbcc848395e13fcc357c5cec09dcf3656e45d3ea74eaebfe6e505d8ba9dc1df79e8f005b9cd5a51abde14aacbe1e713c18ce1f18
Static task
static1
Behavioral task
behavioral1
Sample
cliente/cliente.url
Resource
win7-20230220-en
Malware Config
Extracted
gozi
7711
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
Target
cliente/cliente.url
-
Size
191B
-
MD5
361301f6ad56d5f44ed70afcbf223df0
-
SHA1
1195b135d96ee1214531ba0c6146318f2524bea8
-
SHA256
2362e52e347d77a6b101b80057d9770e44a44599889385a83822625901631583
-
SHA512
394a2f7d97b7bd70e5827f0294deaee00a710fe931fad8a964ca6f694997de61a3dbd3f63e57a2f119733ea2150c5b1379a4f92b0d871f9714317cc67d9c8284
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-