General

  • Target

    2a68b473f4cfb1c32fe42d48cd54fde0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240513-2cvsjsgg42

  • MD5

    2a68b473f4cfb1c32fe42d48cd54fde0

  • SHA1

    7e6c4ff02c772c1d803ab31cddd6990fc7a75573

  • SHA256

    a3f812bc25b3449810d0ed7304f692895f9717b08e067eb24218b6a515292541

  • SHA512

    1033fe65e039130f8cee7cca7be4887ee38204b7ab3cc476f9584244f8f8de4247bd9a769d8b572e79dee993ab6b3120083202ad006e174d8648c2bea344711f

  • SSDEEP

    1536:PorGBx6sgY+PBEBZ464ItLiWMu+BktqtuseNrx1CxZPtOlProNVU4qNVUrk/9QbH:sJshfV/t4ArxgxpwltOrWKDBr+yJb
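To check a file on disk against the digests listed above, the following script computes MD5, SHA1, SHA256 and SHA512 in one pass and only reports a match when every listed algorithm agrees. This is an added example, not part of the sandbox report; the hash values are copied from the report, and the SSDEEP fuzzy hash is deliberately left out because it needs an external library.

```python
"""Match a file against the hash IOCs from this report (added example)."""
import hashlib
from typing import Dict

# Digest values copied from the report's General section.
REPORT_IOCS = {
    "md5": "2a68b473f4cfb1c32fe42d48cd54fde0",
    "sha1": "7e6c4ff02c772c1d803ab31cddd6990fc7a75573",
    "sha256": "a3f812bc25b3449810d0ed7304f692895f9717b08e067eb24218b6a515292541",
    "sha512": "1033fe65e039130f8cee7cca7be4887ee38204b7ab3cc476f9584244f8f8de42"
              "47bd9a769d8b572e79dee993ab6b3120083202ad006e174d8648c2bea344711f",
}


def _new_hashers():
    # One hash object per algorithm the report lists.
    return {name: getattr(hashlib, name)() for name in REPORT_IOCS}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Single pass over a file, feeding every digest from the same chunk."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs=REPORT_IOCS) -> Dict[str, bool]:
    """Case-insensitive comparison per algorithm; returns which ones matched."""
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in iocs.items()
    }


def is_known_sample(digests: Dict[str, str], iocs=REPORT_IOCS) -> bool:
    """True only when every listed digest agrees. A partial match (say MD5
    only) should be treated as a collision or a transcription error, not
    as identification of the sample."""
    return all(match_iocs(digests, iocs).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        d = digest_file(p)
        print(p, "MATCH" if is_known_sample(d) else "no match", match_iocs(d))
```

Usage: `python check_iocs.py suspect.bin`. Requiring all four digests to agree is cheap and guards against a single-algorithm collision or a mistyped hash in a feed.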

Malware Config

Extracted

Family

gozi

Targets

    • Target

      2a68b473f4cfb1c32fe42d48cd54fde0_NeikiAnalytics

    • Size

      163KB

    • MD5

      2a68b473f4cfb1c32fe42d48cd54fde0

    • SHA1

      7e6c4ff02c772c1d803ab31cddd6990fc7a75573

    • SHA256

      a3f812bc25b3449810d0ed7304f692895f9717b08e067eb24218b6a515292541

    • SHA512

      1033fe65e039130f8cee7cca7be4887ee38204b7ab3cc476f9584244f8f8de4247bd9a769d8b572e79dee993ab6b3120083202ad006e174d8648c2bea344711f

    • SSDEEP

      1536:PorGBx6sgY+PBEBZ464ItLiWMu+BktqtuseNrx1CxZPtOlProNVU4qNVUrk/9QbH:sJshfV/t4ArxgxpwltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
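The four behavioural signatures above are the kind of rule a sandbox derives from a process, file and registry trace. The script below re-implements that logic over a constructed event list so the reasoning behind each signature is visible. It is an added example, not the sandbox vendor's rule set; the event records, the file names and the registry value are invented for illustration (the report does not say which autorun key the sample wrote or what it dropped), and the set of keys treated as "loaded by Explorer.exe on startup" is an assumption covering the usual Run, RunOnce, Policies\Explorer\Run, Winlogon Shell and Userinit locations.

```python
"""Derive the report's behaviour signatures from a sandbox trace (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed trace, chronological: (pid, event_type, path_or_key, value).
# Names below are hypothetical; the report does not list the real ones.
SAMPLE_EVENTS: List[Tuple[int, str, str, str]] = [
    (1000, "file_write", r"C:\Users\user\AppData\Roaming\api-svc.exe", ""),
    (1000, "file_write", r"C:\Windows\System32\ieudinit.dll", ""),
    (1000, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ApiSvc",
     r"C:\Users\user\AppData\Roaming\api-svc.exe"),
    (1000, "process_create", r"C:\Users\user\AppData\Roaming\api-svc.exe", ""),
    (1002, "image_load", r"C:\Windows\System32\ieudinit.dll", ""),
    (1002, "image_load", r"C:\Windows\System32\kernel32.dll", ""),  # legitimate, must not fire
    (1002, "reg_set", r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "x"),
]

# Assumption: these are the registry locations evaluated at logon by
# Explorer/Winlogon. Matching is on the key path; the value name varies.
AUTORUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|EY_LOCAL_MACHINE|EY_CURRENT_USER)\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows(?: NT)?\\CurrentVersion\\"
    r"(?:Run|RunOnce|Policies\\Explorer\\Run|Winlogon\\Shell|Winlogon\\Userinit)"
    r"(?:\\|$)",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"


def detect(events) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for every rule the trace triggers.

    'Dropped' means written earlier in the same trace, so a later
    process_create or image_load of that path is attributed to the sample
    rather than to a pre-existing system binary.
    """
    dropped = set()
    hits: Dict[str, List[str]] = {}

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for _pid, etype, path, value in events:
        key = path.lower()
        if etype == "file_write":
            dropped.add(key)
            if SYSTEM32_RE.match(path):
                hit(SIG_DROP_SYSTEM32, path)
        elif etype == "reg_set":
            if AUTORUN_KEY_RE.match(path):
                hit(SIG_AUTORUN, f"{path} = {value}")
        elif etype == "process_create":
            if key in dropped:
                hit(SIG_EXEC_DROPPED, path)
        elif etype == "image_load":
            if key in dropped and key.endswith(".dll"):
                hit(SIG_LOAD_DROPPED, path)
    return hits


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for e in evidence:
            print(f"    {e}")
```

The "dropped" bookkeeping is what separates "Executes dropped EXE" from any ordinary process launch: a loader running `cmd.exe` is not interesting, a loader running a file it wrote a moment earlier is. The same bookkeeping keeps system DLLs such as `kernel32.dll` from triggering "Loads dropped DLL".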

MITRE ATT&CK Enterprise v15

Tasks