General
Target: Funzioni237.zip
Size: 485B
Sample: 230322-qb3wzsgh72
MD5: c251ceceb7a32f7ff839635b18c0c97e
SHA1: 5ef4bd64808926101c1de5c4208604584cc69b2b
SHA256: 9e33623ce66d8c4154af374dbea6ad918d26f7aef0a0bef9591ca79351c68542
SHA512: f667c33c6bdcd3095cd13d0d374a295e2432f6b3deb340709041acb5f33a8e9b9a89daa0ea6dfe11f6f49f6a258197580035ede012308ef4c76aeffcc071027c
Static task: static1
Behavioral task: behavioral1
Sample: Funzioni/Funzioni.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7715
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Extracted
gozi
Targets
Target: Funzioni/Funzioni.url
Size: 194B
MD5: 1b6b88b4f8da87f1524d77166c9a01dd
SHA1: a4abf24eda19bf997e2de103c6d0cb3675f225e0
SHA256: 5ed9e8b1e7ca4c6ecce0929514d0f195d4202809a3e933e06f2af0f7eba53d8b
SHA512: 5de1d7a44aa0cea83bc48feaadb712779f1971878d839ab0cf1c310cc40391ea0c6660a939a90c94a1d1f4f5a465bbd746533c3f34b68f2bde5a8d0ed883d04d
Checks computer location settings
Looks up country code configured in the registry, likely geofence.