General

  • Target

    18959d4a963b504cf56f16f7b8f9bdc0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240511-tk815seg4y

  • MD5

    18959d4a963b504cf56f16f7b8f9bdc0

  • SHA1

    90558c083c02082858ae04c2452cb30638860411

  • SHA256

    d50d2611f0a8c835d9ef069c871fe9c83ae378c251eb98bcad880703dab9bec1

  • SHA512

    a867939d5518da99891797715c17fca93eec4b4b27e62c95a8a646229086b570499cfee34c191491c1fb0287e180dac16b441a55327bb6851e7735f01464a2fa

  • SSDEEP

    1536:PNpE5n5bYU5BH6KG4NQHjPOlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:7EyU5BaKG4NQGltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks