General
-
Target
Agenzia.zip
-
Size
475B
-
Sample
230314-j5mnjagd4v
-
MD5
a6dd4b0b675c913bdb6626ace07b7d6a
-
SHA1
892b2de82045ccda288210d8158391b947fbf0bb
-
SHA256
1fede186e9d9666ce4eff1882ce3bdca66c9a121ea9773d8e57747912e8ad57e
-
SHA512
6bd32596bbbb299f3a1d51d26b3541b6b276267cefe89bdef2ec91b09482c98de6e38840684b48d8728e2400899bb6ca36f2b043ecd1ebd05454e5d8ff26b752
Static task
static1
Behavioral task
behavioral1
Sample
Agenzia/Agenzia.txt.url
Resource
win7-20230220-en
Malware Config
Extracted
gozi
7713
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
Agenzia/Agenzia.txt.url
-
Size
195B
-
MD5
cc689d7d4fa6905ebc5958630848fa00
-
SHA1
3d0ca3eeb7a45d2367b0693188ba99cf68f6a520
-
SHA256
67f14cb9d372a7a295a96a82f2eab679b7373f3613df6b8dcf9434482047caa1
-
SHA512
974c9c969029636eb6db168cc65ddaed096b2695815107f8f0c14da0ab419c7ac25c76a8f16eeaad03102efcd918991f11e7a9685a1fb94a851280349862efdd
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-