General

  • Target

    1b9902e7b910d2481fcb44d809250820_NeikiAnalytics

  • Size

    163KB

  • Sample

    240512-rk1cwsda89

  • MD5

    1b9902e7b910d2481fcb44d809250820

  • SHA1

    5e21191374101f2fe9713a471f8057192c3b5720

  • SHA256

    36ab5e86b39629275f7934661b0f2532d77c9fce266acdfb1c3520c4d8bd5f3a

  • SHA512

    4b94be743e84b21ceb172a7935a79f03cc182bde142a61a266d57fa97a0ea764aace2b1be96caaeb90800aa700abf56024abdb0d07654abaf7272a59ec1054fa

  • SSDEEP

    1536:P5oGLYQLC4isw5eZRRfNfA2OeTtlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:KQm4rw5MHAMtltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks