Extracted

• • Target

    1c1919387b258aaf747a299ca359b720_NeikiAnalytics

  • Size

    163KB

  • MD5

    1c1919387b258aaf747a299ca359b720

  • SHA1

    fdedab656f21fa3cc48b1b74605d8c56154afe6a

  • SHA256

    abe2497fa80ac2bc872dfaf255ab701cf44da7e1661f0b3d9ebbaa3cd4709b82

  • SHA512

    9e6990abd6046c8242d13962a174ae2bfb3cefd5208fccc863c14641a2bfaae08a2326f2bf5d5530779310c7ff70f8ce062de4a84cf0563d6f7f405961ac2691

  • SSDEEP

    3072:+C1Q55lCdO4DSIbhDqPHltOrWKDBr+yJb:Re5bCdOeS0DwHLOf

  Score

  10^/10

  persistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2