General

  • Target: af9127631a3b9f108a05b7d04de177f0_NeikiAnalytics
  • Size: 163KB
  • Sample: 240513-lqq4hshh35
  • MD5: af9127631a3b9f108a05b7d04de177f0
  • SHA1: 7bacb54d9bcd5c13b4265b0b56478705d721a8f9
  • SHA256: 852aaac5cef41d246048db34cc4057457141c7efa510cd5f0fe70484ed6693df
  • SHA512: 159e2a1e4393cb705dac106de3301cafa65e5b7ea287793cf24b64cc0a43d3c3647dc093831574da9bf20e9b5a2f2bafef0118ad5a86e7b8d6abce64de8d55b8
  • SSDEEP: 1536:PHzWKYtqhnDk5C/z8aKba+uxe3xflProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:PzS4hQJA+KeBfltOrWKDBr+yJb

Malware Config

Extracted

  • Family: gozi

Targets

    • Target: af9127631a3b9f108a05b7d04de177f0_NeikiAnalytics
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks