General
Target: Agenzia_Entrate597.zip
Size: 527B
Sample: 230322-qb5qksah2s
MD5: ae0ae380b1707b948a4cbc8b3c4384f0
SHA1: f68a46f7f3d2a053da202fa0f8055094b7c3b051
SHA256: 6e860515c58f9a90db038b974bd259580c5dc35d504085e9928ab7fcec56ec10
SHA512: 7bba9c667e6562bce4cadad36f4908502c7873b0373c34c2c4e5d03d3df3b81363e0c06338b134b139b05032e03bb1be1c6892e215b6836027b878683601294c
Static task: static1
Behavioral task: behavioral1
Sample: Agenzia_Entrate/Agenzia_Entrate.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7715
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: Agenzia_Entrate/Agenzia_Entrate.url
Size: 194B
MD5: 2e3efd45e12ebbb0307c66f9846db315
SHA1: ca9308c31a6bf36a784f6cf52396c7c66ae4a2db
SHA256: ef74e678ded46b0d5f69622154c95e5ea9f053cc9d0d47e10ca7b19a2b3e5981
SHA512: 24b8355fd77b7894184b34319f2a735c76cd8dd1a12525777b179e92b74e2cb46ea733d39ce2cca068fd1f95834ceab951c8b2d2ee0c6e1c17e80610c6842f0d
Checks computer location settings
Looks up country code configured in the registry, likely geofence.