General

  • Target

    3091765998c75b3ebe3b4af000b3a270_NEIKI

  • Size

    163KB

  • Sample

    240507-zr631sfe5z

  • MD5

    3091765998c75b3ebe3b4af000b3a270

  • SHA1

    7e7705fe2899abae5ab54731407ffdeb806ae8f8

  • SHA256

    a54676ea80b73edca7606157254c819d35d48c8c65591fc0d3ef9f4f679c471b

  • SHA512

    f5ae138fce6930444982f3cda43fe8a7777f8249c4a25bae880db395e2b3242c7347ca11cf1a351fa2b3d212d73755a1403c18ec6cff81b78be416e6f7ca2865

  • SSDEEP

    3072:HIL2SZRs2khq1IEXKkAbDltOrWKDBr+yJb:or8DLOf

Malware Config

Extracted

Family

gozi

Targets

    • Target

      3091765998c75b3ebe3b4af000b3a270_NEIKI

    • Size

      163KB

    • MD5

      3091765998c75b3ebe3b4af000b3a270

    • SHA1

      7e7705fe2899abae5ab54731407ffdeb806ae8f8

    • SHA256

      a54676ea80b73edca7606157254c819d35d48c8c65591fc0d3ef9f4f679c471b

    • SHA512

      f5ae138fce6930444982f3cda43fe8a7777f8249c4a25bae880db395e2b3242c7347ca11cf1a351fa2b3d212d73755a1403c18ec6cff81b78be416e6f7ca2865

    • SSDEEP

      3072:HIL2SZRs2khq1IEXKkAbDltOrWKDBr+yJb:or8DLOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif and ISFB) is a well-known and widely distributed banking trojan; the extracted configuration above attributes this sample to that family.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
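
The four behaviour signatures listed for this target (autorun key written, dropped EXE executed, dropped DLL loaded, file dropped in System32) are each a correlation over ordered host telemetry rather than a single event. The following is an added example, not code from this report or from the sandbox that produced it: it replays a constructed event stream (a simplified pipe-separated key=value form, not real Sysmon output) and emits the same four signature names. The file names, PIDs and the set of registry paths treated as Explorer-loaded autorun locations are assumptions for illustration.

```python
# Added example: correlating host telemetry into the four behaviour
# signatures listed for this sample. The events below are constructed
# (simplified pipe-separated key=value lines, not real Sysmon output);
# paths, PIDs and file names are assumptions for illustration only.

SAMPLE_LOG = r"""
ts=1|event=FileCreate|pid=1234|image=C:\Users\user\Downloads\sample.exe|target=C:\Windows\System32\svcupd.exe
ts=2|event=FileCreate|pid=1234|image=C:\Users\user\Downloads\sample.exe|target=C:\Users\user\AppData\Local\Temp\loader.dll
ts=3|event=RegistryValueSet|pid=1234|image=C:\Users\user\Downloads\sample.exe|target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svcupd
ts=4|event=ProcessCreate|pid=5678|parent_pid=1234|image=C:\Windows\System32\svcupd.exe|target=
ts=5|event=ImageLoad|pid=5678|image=C:\Windows\System32\svcupd.exe|target=C:\Users\user\AppData\Local\Temp\loader.dll
ts=6|event=ImageLoad|pid=5678|image=C:\Windows\System32\svcupd.exe|target=C:\Windows\System32\kernel32.dll
ts=7|event=RegistryValueSet|pid=900|image=C:\Windows\explorer.exe|target=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
ts=8|event=ProcessCreate|pid=901|parent_pid=900|image=C:\Windows\System32\notepad.exe|target=
"""

# Registry locations whose values Explorer.exe runs at shell start-up.
# Assumed set: the Run key prefix also covers RunOnce. Matching is done
# on lower-cased paths so both HKCU and HKLM variants are caught.
AUTORUN_KEY_FRAGMENTS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
)
SYSTEM32 = "c:\\windows\\system32\\"

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"


def parse_line(line):
    """Split one constructed 'k=v|k=v' telemetry line into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def analyze(log_text):
    """Replay events in order and return (signature, detail) hits.

    The state carried across events is the set of files written so far
    ('dropped'); that is what turns a plain process start or image load
    into 'executes/loads a *dropped* file'.
    """
    dropped = {}  # lower-cased path -> pid that wrote it
    hits = []
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        kind = ev["event"]
        image = ev.get("image", "").lower()
        target = ev.get("target", "").lower()
        if kind == "FileCreate":
            dropped[target] = ev["pid"]
            if target.startswith(SYSTEM32):
                hits.append((SIG_DROP_SYSTEM32, f"{image} wrote {target}"))
        elif kind == "RegistryValueSet":
            if any(frag in target for frag in AUTORUN_KEY_FRAGMENTS):
                hits.append((SIG_AUTORUN, f"{image} set {target}"))
        elif kind == "ProcessCreate":
            if image in dropped:
                hits.append((SIG_EXEC_DROPPED,
                             f"pid {ev['pid']} ran {image} (written by pid {dropped[image]})"))
        elif kind == "ImageLoad":
            if target.endswith(".dll") and target in dropped:
                hits.append((SIG_LOAD_DROPPED,
                             f"{image} loaded {target} (written by pid {dropped[target]})"))
    return hits


def signature_names(hits):
    """Distinct signature names in the order they first fired."""
    seen = []
    for name, _ in hits:
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for name, detail in analyze(SAMPLE_LOG):
        print(f"[{name}] {detail}")
```

Only the FileCreate events that precede a ProcessCreate or ImageLoad count, so ordering matters: a DLL that was already on disk before the sample ran (kernel32.dll in the constructed stream) is not reported as "dropped", and the benign Explorer registry write outside the Run key does not trigger the autorun signature.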

MITRE ATT&CK Enterprise v15

Tasks