General

  • Target: 588301484f2eb6fdbd2f8acfae770f60_NeikiAnalytics
  • Size: 163KB
  • Sample: 240512-b57ppsdf42
  • MD5: 588301484f2eb6fdbd2f8acfae770f60
  • SHA1: 08079c46fde778954d9dde00415b5142657fe324
  • SHA256: 581e17a4a3012eaed8a420282a586ed3d140ab0b1c7c970f10754291a5cacef4
  • SHA512: 99a2a1e5fa3b8223632bbe24fa2f6251b0d22a9630a9ca8ebbc45b6e3b2b54c808e59b94e40c4139d764678e80ea8338c0e557b6d475620b7463f848c30b81be
  • SSDEEP: 3072:8LV/ukG4k4oDyf2MDzrltOrWKDBr+yJb:8LVW/34oDyRzrLOf

Malware Config

Extracted

  • Family: gozi

Targets

    • Target: 588301484f2eb6fdbd2f8acfae770f60_NeikiAnalytics


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks