General

Target: Direzione.zip
Size: 329B
Sample: 231006-qhta5abh3y
MD5: 1f1fe2e8849b8b0d1b6854093a9ba139
SHA1: cb6a567070ba9bb0f2c7b13b239c3f62aea788fb
SHA256: 121b856e931732998abebc2716e3794e434e9329463a1a023b6f29c51d7034de
SHA512: 3b14356a4f41183b55d6194d6d3013ff2ca4f090efb4de94d9157ab46703781e7a2c63f26579c07bf0735acb5399745965474ffe9c8718897e2cefebcf1fc2a4
Static task: static1
Behavioral task: behavioral1
Sample: Direzione.url
Resource: win7-20230831-en
Malware Config

Extracted: http://communicalink.com/index.php

Extracted: gozi

Extracted: gozi
Botnet: 5050
C2: mifrutty.com
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50

Extracted: gozi
Botnet: 5050
C2: mifrutty.com, systemcheck.top
base_path: /pictures/
build: 250260
exe_type: worker
extension: .bob
server_id: 50
Targets

Target: Direzione.url
Size: 198B
MD5: a01b0f3d5e1f18dc90623bc4f490f444
SHA1: 0b4c08612e5b1cb5c4eabdda73ac8a6a017a0a48
SHA256: c20129af33139bf212fc3258d2701201e7e1120262890b952314a9068b52aca4
SHA512: 089308e776a49953b42741a1d129b7d6bc941df02d8bf052bad9a2256f21bd9402153524ebb910a3f01927f50b4ca82364e5b11b72301ed01c1c56056db7658b

Signatures:
- Blocklisted process makes network request
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Suspicious use of SetThreadContext
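Turning the report's indicators into a hunt. The Python below is an added example; it is not part of the sandbox report and not code from the Gozi sample. It assumes, which the report does not state, that Gozi/Ursnif builds its C2 request URLs as host + base_path + encoded path segments + extension, so each extracted config yields one URL regex. Because the page shows only the hashes of Direzione.url and the URL extracted from it, the .url body (SAMPLE_URL_FILE) and the proxy log lines (PROXY_LOG) are constructed test data.

```python
"""Hunt for the indicators in this sandbox report (added example, not report code).

Assumptions, none of them taken from the report itself:
  * Gozi/Ursnif request URLs look like
    http(s)://<server><base_path><encoded segments><extension>,
    so each extracted config yields one URL regex.
  * The body of Direzione.url is not on the page; SAMPLE_URL_FILE is a
    constructed Internet Shortcut carrying the URL the sandbox extracted.
  * PROXY_LOG is constructed data in the form "<timestamp> <client> <url> <status>".
"""
import configparser
import re
from urllib.parse import urlparse

# Values copied from the report's two Gozi config blocks.
GOZI_CONFIGS = [
    {"exe_type": "loader", "build": "250260", "server_id": "50",
     "servers": ["mifrutty.com"], "base_path": "/jerry/", "extension": ".bob"},
    {"exe_type": "worker", "build": "250260", "server_id": "50",
     "servers": ["mifrutty.com", "systemcheck.top"], "base_path": "/pictures/", "extension": ".bob"},
]

# Constructed stand-in for Direzione.url (INI-style Internet Shortcut).
SAMPLE_URL_FILE = "[InternetShortcut]\r\nURL=http://communicalink.com/index.php\r\nIDList=\r\n"

# Constructed proxy log: lines 1-3 should fire, lines 4 and 5 should not.
PROXY_LOG = [
    "2023-10-06T10:01:02Z 10.0.0.5 http://communicalink.com/index.php 200",
    "2023-10-06T10:01:09Z 10.0.0.5 http://mifrutty.com/jerry/Xa1b2C3d/p0Qrs.bob 200",
    "2023-10-06T10:02:15Z 10.0.0.5 https://systemcheck.top/pictures/k9L/mN2o.bob 200",
    "2023-10-06T10:02:40Z 10.0.0.7 http://mifrutty.com/about.html 404",
    "2023-10-06T10:03:00Z 10.0.0.9 https://example.org/pictures/cat.bob 200",
]


def parse_internet_shortcut(text):
    """Return the URL= target of a Windows .url file, or None if absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # ConfigParser lower-cases option names, so URL= and Url= both resolve.
    return cp.get("InternetShortcut", "url", fallback=None)


def c2_url_pattern(cfg):
    """Compile a regex for URLs built from one Gozi config (assumed URL layout, see docstring)."""
    hosts = "|".join(re.escape(h) for h in cfg["servers"])
    path = re.escape(cfg["base_path"])
    ext = re.escape(cfg["extension"])
    return re.compile(rf"^https?://(?:{hosts})(?::\d+)?{path}\S*{ext}(?:\?\S*)?$", re.IGNORECASE)


def scan_proxy_log(lines, configs, first_stage_url=None):
    """Return (line_no, label) for lines hitting a C2 pattern or the first-stage host.

    Lines 4 and 5 of PROXY_LOG show why both halves of the pattern matter: the same
    host with an unrelated path is not a C2 match, and the same path shape on an
    unrelated host is not one either.
    """
    patterns = [(c2_url_pattern(c), f"gozi {c['exe_type']} build {c['build']}") for c in configs]
    first_host = urlparse(first_stage_url).hostname if first_stage_url else None
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        url = fields[2]
        for pat, label in patterns:
            if pat.match(url):
                hits.append((n, label))
                break
        else:
            if first_host and urlparse(url).hostname == first_host:
                hits.append((n, "first-stage host from Direzione.url"))
    return hits


if __name__ == "__main__":
    stage1 = parse_internet_shortcut(SAMPLE_URL_FILE)
    for n, label in scan_proxy_log(PROXY_LOG, GOZI_CONFIGS, stage1):
        print(f"line {n}: {label} -> {PROXY_LOG[n - 1].split()[2]}")
```

Blocking all three domains outright is the blunt response; the per-config regex is for retrospective hunting, where it separates loader traffic (/jerry/) from worker traffic (/pictures/) and avoids flagging unrelated requests to a possibly shared host. base_path and extension are per-build settings, so rebuild the pattern from each newly extracted config rather than reusing this one.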