General

  • Target

    326e0da90b9e42534e7529d4b241ad00_NEIKI

  • Size

    163KB

  • Sample

    240507-zwejkaae58

  • MD5

    326e0da90b9e42534e7529d4b241ad00

  • SHA1

    7fc98354a66f2a239240bedd368ab4bbc0123d80

  • SHA256

    591de6224f10f5b7e1036a28956b5754444294067b27cd8640df1ab6b685da2d

  • SHA512

    8884cce6f57d6c52f4be3455b32b831c06a12cf1e89d0b1c8fd6b631a0f720a08c0058ddeb33a0599bd9b0d241d1204fa49d12f4e24ef0e12b4e1ae0b3147ec4

  • SSDEEP

    1536:P539n1FxoiIUVnhWuoFFhkSk0flProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Bx1voiXaHJfltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      326e0da90b9e42534e7529d4b241ad00_NEIKI

    • Size

      163KB

    • MD5

      326e0da90b9e42534e7529d4b241ad00

    • SHA1

      7fc98354a66f2a239240bedd368ab4bbc0123d80

    • SHA256

      591de6224f10f5b7e1036a28956b5754444294067b27cd8640df1ab6b685da2d

    • SHA512

      8884cce6f57d6c52f4be3455b32b831c06a12cf1e89d0b1c8fd6b631a0f720a08c0058ddeb33a0599bd9b0d241d1204fa49d12f4e24ef0e12b4e1ae0b3147ec4

    • SSDEEP

      1536:P539n1FxoiIUVnhWuoFFhkSk0flProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Bx1voiXaHJfltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks