General
-
Target
59944e8c11bfc2d065ef88fca0a033313361ae424962c34573755da99badbf3f_JC.url
-
Size
192B
-
Sample
231004-wgyr4sfe78
-
MD5
c6c6f5a3d3e0444820d2865c7f1a07bc
-
SHA1
5f9c9620e315b09802e8e532f48195a9e60f2d2c
-
SHA256
59944e8c11bfc2d065ef88fca0a033313361ae424962c34573755da99badbf3f
-
SHA512
4a1a66efff8336bbde327c9256e6e473193c901bc47d1b7648bbfa29212490f3f47092ba060c47cc77a1e6952f6bf814346045d2d1c1eef556ba07d08f69c628
Static task
static1
Behavioral task
behavioral1
Sample
59944e8c11bfc2d065ef88fca0a033313361ae424962c34573755da99badbf3f_JC.url
Resource
win7-20230831-en
Malware Config
Extracted
gozi
Extracted
gozi
5050
185.247.184.139
62.72.33.155
incontroler.com
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
Extracted
gozi
5050
mifrutty.com
systemcheck.top
-
base_path
/pictures/
-
build
250260
-
exe_type
worker
-
extension
.bob
-
server_id
50
Targets
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext