General

  • Target

    27204612dbfdb16a79b41c037cd4e6a0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240511-wv9frsah51

  • MD5

    27204612dbfdb16a79b41c037cd4e6a0

  • SHA1

    566f2b42590472ed4c07951701fcaced75d853e2

  • SHA256

    2ae4b6af7c86f85aac8c17fbb61dfd1807492271201fa36a98fa9f1bc7c23e04

  • SHA512

    1a30748b4639503cb6c54c5b641e464ee4692706f87e99b5fc7ae80f3ff2017b3f30bdbf2dc15fc56c77e79de93d84ebb37652334a7f429fbb794bce146a9fb4

  • SSDEEP

    3072:xthsR3FkI1yNAq6QXUM1hCltOrWKDBr+yJb:xe3FdzQXxCLOf

Malware Config

Extracted

Family

gozi

Targets

    • Target

      27204612dbfdb16a79b41c037cd4e6a0_NeikiAnalytics

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks