General

  • Target

    a1daf4263f026b04b437189e42b18220_NeikiAnalytics

  • Size

    163KB

  • Sample

    240511-jme6qshb27

  • MD5

    a1daf4263f026b04b437189e42b18220

  • SHA1

    192130c739466e3c17b73b38411019f66c214279

  • SHA256

    5cfce5f1ccaaee9b6fb877bc38a4c38544266708ae1afc37ae344b6f443c4782

  • SHA512

    8b5d4d1a6b058702917e42e39a39b587a3d45bd74d1da408a1f7e96e03ab8a6d5b208a2b90a2d97169c30e6e91333ce5c8fb464ed03b6c136127bc5c82242edb

  • SSDEEP

    1536:PKYA0mN68JQtFiJwJMG6tVznapBJlgmlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:+bN6TSznap7GmltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      a1daf4263f026b04b437189e42b18220_NeikiAnalytics

    • Size

      163KB

    • MD5

      a1daf4263f026b04b437189e42b18220

    • SHA1

      192130c739466e3c17b73b38411019f66c214279

    • SHA256

      5cfce5f1ccaaee9b6fb877bc38a4c38544266708ae1afc37ae344b6f443c4782

    • SHA512

      8b5d4d1a6b058702917e42e39a39b587a3d45bd74d1da408a1f7e96e03ab8a6d5b208a2b90a2d97169c30e6e91333ce5c8fb464ed03b6c136127bc5c82242edb

    • SSDEEP

      1536:PKYA0mN68JQtFiJwJMG6tVznapBJlgmlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:+bN6TSznap7GmltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks