General

Target: Amministrazione.zip
Size: 338B
Sample: 231012-rezjeadc9s
MD5: 165b9ec41dee0d73753cbfdb1aff40fe
SHA1: fb15237ed63c89b40814601323ce4611f33dff12
SHA256: d41c8abde6e6d580b654de86d4936aa6969c05b2f0ae5a37be72b0adddf3c1e5
SHA512: 356e056c611e6355205594e2922c48c4b52320073d4437d15c1299727801e3759b79721a84aa57274fe9662816049474b940dd2141e237f49b8d7d988afd5705

Static task: static1
Behavioral task: behavioral1
Sample: Amministrazione.url
Resource: win7-20230831-en

Malware Config
Extracted
gozi
5050
fotexion.com
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50

Targets

Target: Amministrazione.url
Size: 195B
MD5: ba89826b4115e395e16cb5a1f88b8509
SHA1: 9638d1cb1dde598f6b6e6d165f193c972ba3c229
SHA256: e27258c5b05fba296137f8639082a4879f8795b3d3906788e36b59d74eb18062
SHA512: bd348e28231532bea645759b0d0d0ee6a41f83ad4104b3284728bdbfd296080e9540d2a18160f88cd2db0b33797ba7813607860aa92f4bce93c7434ba92f138f

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL