General
Target: impresa145.zip
Size: 333B
Sample: 231003-m6t1sabh66
MD5: 5ff7577d70a6e1f1ce749180a06a4621
SHA1: 37ca94eefd3af02f638a6ea601a4088f204771ed
SHA256: 8591ffc132683cf4b3ae634ca29847788d15bbced677e02770b4cdb2e6e4192b
SHA512: 288d3854efe81b8fbea529de09f75670fcaa73532678e9c67456d3fdbe3019278be4707b24b957651316c1594155f30b18bf3a48ad8021e6ee48c7e473a7ec01
Static task: static1
Behavioral task: behavioral1
Sample: impresa.url
Resource: win7-20230831-en
Malware Config
Extracted
gozi
5050
46.8.210.250
31.41.44.9
185.247.184.139
62.72.33.155
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50
Targets
Target: impresa.url
Size: 192B
MD5: 52aa02b4f67f2f504fcb991e6d094e58
SHA1: 87e772a1597eba6b20bb750fd79c9ac30738229a
SHA256: 8bb04ebea49b92e090b777efedfa44c8aa881a5531a0791f7f2404d0d50f9963
SHA512: e5baa8bbce30f1ca6c64705b9145454857c02f2a27308fc27b07c145517cbd3ccbde2cb57f94459df9fe4311a82cb3607f097a6219286f1d9eca44b953d54be4

Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.