General
-
Target
Contratto991.zip
-
Size
487B
-
Sample
230324-ng4z5adh77
-
MD5
2e10dd62f4a9c0e65e8b89348512ba3e
-
SHA1
375488048de003ce196799d4f51e26c8204adc54
-
SHA256
463174e74e8c212a4024f1ccc1bf4490d2ffe6d5ef9c573cc512c5b996adb437
-
SHA512
f913c60c4c5f104c29ce9f7e874d841e3a4ccbdee7e2440e0e321eed5697ad15a8a95799962fff5dfbdd61eaa166d884b47258300b7c362bc41ae8af99f2f7f7
Static task
static1
Behavioral task
behavioral1
Sample
Contratto/Contratto.url
Resource
win7-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
7716
checklist.skype.com
193.233.175.115
185.68.93.20
62.173.140.250
46.8.210.133
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
Contratto/Contratto.url
-
Size
189B
-
MD5
084628be20c0cc112964dc4efe6dbc93
-
SHA1
5535112912b97b970ba4b3b7d51896658beadb46
-
SHA256
2e93682935ab93fcb97ede1f8aba8076adf5e440a40a407a96f97c1b3af5188f
-
SHA512
8f2864a3c09fd7db9b390ef50e90bdd540455dec909ed8ed7afb681517b11c9dfbb5ab205b975103b9d3c0e6d44eca1a30c7af905593b5d72d6541b8b2bf6c8a
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-