General

  • Target

    494992dafab51d17be2f74f0eff4ebd0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240512-x7867scg2t

  • MD5

    494992dafab51d17be2f74f0eff4ebd0

  • SHA1

    539affd8e89ded9b0f8a67a82d5e43cb8788e932

  • SHA256

    2b80b17cae01317749f00377b70756d33f2109bfca2508c8b833fe7101bac930

  • SHA512

    c19a1edecc1d533fc444a8903f629792e8261adfbd73f0e2ccc6706f5495f258ac0b3733f4d95adffb1980e30fffecd00217a8a927012526606889d40acecf4f

  • SSDEEP

    3072:767R+slb2wtJNLB4EhmtltOrWKDBr+yJb:oR+slbNBJMtLOf

Malware Config

Extracted

Family

gozi

Targets

    • Target

      494992dafab51d17be2f74f0eff4ebd0_NeikiAnalytics

    • Size

      163KB

    • MD5

      494992dafab51d17be2f74f0eff4ebd0

    • SHA1

      539affd8e89ded9b0f8a67a82d5e43cb8788e932

    • SHA256

      2b80b17cae01317749f00377b70756d33f2109bfca2508c8b833fe7101bac930

    • SHA512

      c19a1edecc1d533fc444a8903f629792e8261adfbd73f0e2ccc6706f5495f258ac0b3733f4d95adffb1980e30fffecd00217a8a927012526606889d40acecf4f

    • SSDEEP

      3072:767R+slb2wtJNLB4EhmtltOrWKDBr+yJb:oR+slbNBJMtLOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks