General
-
Target
Azienda.zip
-
Size
479B
-
Sample
230320-nt1s8sfc8x
-
MD5
7a92269fe67042883d7a4082076a9c4a
-
SHA1
76ba658ed389af9863b97a61aed7103c7a6045dc
-
SHA256
aadf94d677fc0710a44b7452368a04c791c154ee644147b58068a00711d98723
-
SHA512
572c00d10000449f1a52681c502bc38cd9517a747330dd29e0c301eda0c14c690ac65a56913815c85e6bbfebb7857d5769ce382dacca6204fc3ce591a6ca6001
Static task
static1
Behavioral task
behavioral1
Sample
Azienda/Azienda.url
Resource
win7-20230220-en
Malware Config
Extracted
gozi
7715
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
Target
Azienda/Azienda.url
-
Size
194B
-
MD5
bde4ba445d37e5645bde6b7b14f7a2d4
-
SHA1
377244e0df6359a2a913753fb2f3600a770dc965
-
SHA256
15224adeae393be5d06378ed32605d677e8c529a395f9bf2ade9b0163d886c49
-
SHA512
b7ffa8d40f900a6a5409c481a2a25b63f219137a937f3ea188164c19340d333178eba1e237fce483e75f41d62a08c123bb713e2018152cf0e61ac961642de951
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-