General

  • Target

    b4237abff4f55493b1b213b55bad77e0_NEIKI

  • Size

    245KB

  • Sample

    240509-a9zzzsbg33

  • MD5

    b4237abff4f55493b1b213b55bad77e0

  • SHA1

    43dcb44ceaa10634f895e1fc37f94c3bf3fadacf

  • SHA256

    defe60c734682f3a7e39c8b5b07841140ca2b9d6a9b288725b097d14021d7abc

  • SHA512

    764e37f5868f8b5ce0f8ee30b4280f9e1929895e8a976e237384d6178d6692cb851563e241ac221197b344a8983484398057f91f8f8775486a25095c99b6bad7

  • SSDEEP

    1536:5ia0LidlVt185lEdOxeG1bDgTD5WweLrRX/4cXeXvubKrFEwMEwKhbArEwKhQL4Z:8adn1l8xCTArRXwago+bAr+Qka

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b4237abff4f55493b1b213b55bad77e0_NEIKI


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks