General
- Target: Amministrazione919.zip
- Size: 349B
- Sample: 230928-qhta5ach73
- MD5: f312f06d66bb5a302daea30684410101
- SHA1: 106082c767b9fde04dcbdd77dca182643afdab89
- SHA256: aa4712ca5e79380311bb96371c1eeab894b4b73155d0d566d96bd71a554ae2cd
- SHA512: 29d1ced40dd3af29154e954cea2ced95bbf95b088ef6731eecdf41c579959e60bfb0c7b06b223ddd1b1c223bda83ea84687c9348313a34bbba63a502bd53f230
Static task: static1
Behavioral task: behavioral1
- Sample: Amministrazione.url
- Resource: win7-20230831-en
Malware Config
Extracted: gozi
Extracted: gozi
5050
netsecurez.com
whofoxy.com
mimemoa.com
ntcgo.com
- base_path: /jerry/
- build: 250260
- exe_type: loader
- extension: .bob
- server_id: 50
Extracted: gozi
5050
31.41.44.79
185.248.144.203
netsecurez.com
whofoxy.com
- base_path: /pictures/
- build: 250260
- exe_type: worker
- extension: .bob
- server_id: 50
Targets
- Target: Amministrazione.url
- Size: 192B
- MD5: 91b01df174309ed2c53f214b38a3c817
- SHA1: be006917a3451c90e81fb2778920de08e610d8d7
- SHA256: 31ce65f830e52f5b6d7e6c266d7841e11662e71d6715d5211776ebb91beb3ec4
- SHA512: 406d21df8b67083df3d70c3971feb506ee12903c33e3d03cd07e423ae1726dfffc6759d0f7da49f99a72f4044252dffa6107f5980effaa81279e5d909ec9e047
- Dave packer
  Detects executables built with the packer the community has named 'Dave', based on a string at the end of the file.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext