General
Target: e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13_JC.url
Size: 192B
Sample: 231004-xjz9dseb8s
MD5: aa05bdf7862a64f54d6e281944fb0f51
SHA1: 60fe537372be17e284f0121f5da307325da6ca92
SHA256: e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13
SHA512: e471d9b97fc022e3a769a936f37590da9e3f32e76fb5934ffea91ef8c1fb39f719330cb5299fbb38272bb5b34aac8e28ab05bc2180478eb1bca839911a87a302
Static task: static1
Behavioral task: behavioral1
Sample: e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13_JC.url
Resource: win7-20230831-en
Malware Config
Extracted
gozi
Extracted
gozi
5050
185.247.184.139
62.72.33.155
incontroler.com
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50
Extracted
gozi
5050
mifrutty.com
systemcheck.top
base_path: /pictures/
build: 250260
exe_type: worker
extension: .bob
server_id: 50
Targets
Target
e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13_JC.url
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext