General
Target: Agenzia27.zip
Size: 479B
Sample: 230322-qb5qksgh74
MD5: ecd46cdc9dbe7430391afb524d2ee2ef
SHA1: 35ae9dca0c22afeb19b541145e61297f6dc260bb
SHA256: 977bb6a4ed4d96674a9194be41d969b178b639c3c04266a0f0e99315d9b84fe9
SHA512: 01e9e508f1152a6c0557fecd39ab64dd78314ee11a35c4bc420c5aa5a34fbee08f19be4928fc0fabcf061a263226a8f0efd6c8c2275dfcbad13b417684ae2505
Static task: static1
Behavioral task: behavioral1
Sample: Agenzia/Agenzia.url
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7715
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Extracted
gozi
Targets
Target: Agenzia/Agenzia.url
Size: 194B
MD5: 2e3efd45e12ebbb0307c66f9846db315
SHA1: ca9308c31a6bf36a784f6cf52396c7c66ae4a2db
SHA256: ef74e678ded46b0d5f69622154c95e5ea9f053cc9d0d47e10ca7b19a2b3e5981
SHA512: 24b8355fd77b7894184b34319f2a735c76cd8dd1a12525777b179e92b74e2cb46ea733d39ce2cca068fd1f95834ceab951c8b2d2ee0c6e1c17e80610c6842f0d
Checks computer location settings
Looks up country code configured in the registry, likely geofence.