General

  • Target

    2b14b95d1d164b0dbdad34919d2ddcf0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240512-tj5mbsde7z

  • MD5

    2b14b95d1d164b0dbdad34919d2ddcf0

  • SHA1

    6c78d689ce61fdcbd750c954a5eaeff3639fb486

  • SHA256

    2b01013819f76e6634db07008b101069909dcf6e9dacd6392ca2654751147c8f

  • SHA512

    9301995a1f13a445e4f82568d40f0d3ddd89428aa04f950eff55cecfc2712324f8381b702ca0e822e78da3635d704f0d984fd5dd3e04a987bd89e1b7767a7fd6

  • SSDEEP

    1536:PuFrCi7q6IuXN3FFVlLFImPh1mP6lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:237q6/X1VlLemJAiltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      2b14b95d1d164b0dbdad34919d2ddcf0_NeikiAnalytics

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks