General
Target: AgenziaEntrate.zip
Size: 507B
Sample: 230308-jv2dyaec8y
MD5: a69361ef6e25ae8829e5e5ec00fcf461
SHA1: 57c704fa05da4d9ba66cd01abb87768506283a7f
SHA256: 0284ebc8b81dd2894fbdb7ca298d1c2c85c41630b9b9ab99aed51aec86073aae
SHA512: d83b083384049ca937d0cd71aaca55d09f7a1c6f7089829c582eaf4fc75d1d0be579dd16dc58f14ed2935188b5abd3361d4beeba9797e769a14be517ba9fe0c6
Static task: static1
Behavioral task: behavioral1
Sample: AgenziaEntrate/AgenziaEntrate.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7711
checklist.skype.com
62.173.138.6
89.117.37.146
46.8.210.82
89.116.227.15
31.41.44.51
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: AgenziaEntrate/AgenziaEntrate.url
Size: 191B
MD5: 361301f6ad56d5f44ed70afcbf223df0
SHA1: 1195b135d96ee1214531ba0c6146318f2524bea8
SHA256: 2362e52e347d77a6b101b80057d9770e44a44599889385a83822625901631583
SHA512: 394a2f7d97b7bd70e5827f0294deaee00a710fe931fad8a964ca6f694997de61a3dbd3f63e57a2f119733ea2150c5b1379a4f92b0d871f9714317cc67d9c8284
Checks computer location settings
Looks up country code configured in the registry, likely geofence.