General

  • Target

    c69fd2e9d5c3f7bdaa98540902ae5180_NEIKI

  • Size

    163KB

  • Sample

    240508-qsyzcshd47

  • MD5

    c69fd2e9d5c3f7bdaa98540902ae5180

  • SHA1

    9b4eca0d77c7211d69e66853c19ff42dd0e683f9

  • SHA256

    9f54f96b50cae91654b71861e3358733262e95ab301806d440359ff7cf5e3b06

  • SHA512

    fc0ee9b2b85116979d7e3314d12513ebc40fc42a6a56a10118045faea601ade1e5299e9d1a2e0ee7ce98a119b2ea904879b218cb702b922ec24532964cdd463e

  • SSDEEP

    1536:PnVDNkEeC0XD3AlvI/Z2t2poXlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:PwUcUghYqoXltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c69fd2e9d5c3f7bdaa98540902ae5180_NEIKI

    • Size

      163KB

    • MD5

      c69fd2e9d5c3f7bdaa98540902ae5180

    • SHA1

      9b4eca0d77c7211d69e66853c19ff42dd0e683f9

    • SHA256

      9f54f96b50cae91654b71861e3358733262e95ab301806d440359ff7cf5e3b06

    • SHA512

      fc0ee9b2b85116979d7e3314d12513ebc40fc42a6a56a10118045faea601ade1e5299e9d1a2e0ee7ce98a119b2ea904879b218cb702b922ec24532964cdd463e

    • SSDEEP

      1536:PnVDNkEeC0XD3AlvI/Z2t2poXlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:PwUcUghYqoXltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running, widely distributed banking trojan and credential stealer whose leaked source code has spawned many variants.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
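
The four behaviour signatures above describe a chain (drop a file, persist via an Explorer-loaded autorun key, run the dropped EXE, load the dropped DLL) that a detection engineer would want to reproduce from endpoint telemetry. The following Python is an added example, not the sandbox's own signature logic: it replays those four checks over Sysmon-style events (ID 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryValueSet) and also flags a ProcessCreate whose SHA256 matches the report's hash. The events, the dropped-file paths (`dropped.exe`, `example_dropped.dll`), the `Run` value name and the SID are constructed for the example; the list of autorun keys is the well-known set that Explorer/Winlogon process at logon, not the specific key this sample wrote. Only the SHA256 is taken from the page.

```python
"""Replay the report's behaviour signatures over constructed Sysmon-style
events. Added example, not Triage's signature engine; event data and
dropped-file names are hypothetical, only REPORT_SHA256 is from the page."""
from dataclasses import dataclass

# SHA256 of the analysed sample, copied from the report above.
REPORT_SHA256 = "9f54f96b50cae91654b71861e3358733262e95ab301806d440359ff7cf5e3b06"

# Well-known registry locations whose contents Explorer/Winlogon launch at
# logon. Assumption: the standard autorun keys, not necessarily the exact
# key this sample wrote.
EXPLORER_AUTORUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
    "\\software\\microsoft\\windows nt\\currentversion\\windows\\load",
    "\\software\\microsoft\\windows nt\\currentversion\\winlogon\\shell",
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Event:
    """Minimal Sysmon event: id 1 ProcessCreate, 7 ImageLoad,
    11 FileCreate, 13 RegistryValueSet."""
    event_id: int
    image: str            # process that performed the action
    target: str = ""      # created file, loaded DLL, or registry object
    hashes: str = ""      # Sysmon 'Hashes' field on ProcessCreate


def sha256_from_hashes(hashes: str) -> str:
    """Pull the SHA256 out of Sysmon's 'MD5=..,SHA256=..' field (lowercased)."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def is_explorer_autorun_key(registry_path: str) -> bool:
    """True when a value is written directly under one of the autorun keys.
    The trailing backslash check keeps '...\\Run' from matching '...\\RunServicesOnce'."""
    path = registry_path.lower()
    return any(path.endswith(k) or f"{k}\\" in path for k in EXPLORER_AUTORUN_KEYS)


def detect(events: list[Event]) -> set[str]:
    """Return the report-style signature names triggered by the event stream."""
    dropped: set[str] = set()   # every file created so far (lowercased paths)
    hits: set[str] = set()
    for ev in events:
        image = ev.image.lower()
        target = ev.target.lower()
        if ev.event_id == 11:                       # FileCreate
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                hits.add("Drops file in System32 directory")
        elif ev.event_id == 1:                      # ProcessCreate
            if image in dropped:
                hits.add("Executes dropped EXE")
            if sha256_from_hashes(ev.hashes) == REPORT_SHA256:
                hits.add("Known sample executed (SHA256 matches report)")
        elif ev.event_id == 7:                      # ImageLoad
            if target in dropped and target.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif ev.event_id == 13:                     # RegistryValueSet
            if is_explorer_autorun_key(target):
                hits.add("Adds autorun key to be loaded by Explorer.exe on startup")
    return hits


# Constructed event stream (hypothetical paths and value name).
SAMPLE = "C:\\Users\\user\\Desktop\\c69fd2e9d5c3f7bdaa98540902ae5180_NEIKI.exe"
DROPPED_EXE = "C:\\Users\\user\\AppData\\Roaming\\example\\dropped.exe"
DROPPED_DLL = "C:\\Windows\\System32\\example_dropped.dll"
RUN_VALUE = ("HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion"
             "\\Run\\example")

CONSTRUCTED_EVENTS = [
    Event(1, SAMPLE, hashes=f"MD5=c69fd2e9d5c3f7bdaa98540902ae5180,SHA256={REPORT_SHA256}"),
    Event(11, SAMPLE, DROPPED_EXE),
    Event(11, SAMPLE, DROPPED_DLL),
    Event(13, SAMPLE, RUN_VALUE),
    Event(1, DROPPED_EXE),
    Event(7, DROPPED_EXE, DROPPED_DLL),
]

if __name__ == "__main__":
    for sig in sorted(detect(CONSTRUCTED_EVENTS)):
        print(sig)
```

The state kept across events (`dropped`) is what makes "Executes dropped EXE" and "Loads dropped DLL" meaningful: a bare ProcessCreate of a file nothing wrote is not a hit. In production the same logic sits behind a SIEM join on the file path, and the autorun check should be widened to the service and scheduled-task paths the sandbox reports separately.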

MITRE ATT&CK Enterprise v15

Tasks