General

  • Target

    b88ef6baba0662b6f8865fccdf277c50_NeikiAnalytics

  • Size

    163KB

  • Sample

    240513-p19v6afh55

  • MD5

    b88ef6baba0662b6f8865fccdf277c50

  • SHA1

    0cc55631e9218215c25de2537d75bc23a9c53b0b

  • SHA256

    8b9e9e8a2f3e1871557ecaafc8baf10c7fc7fc78be800540781c3b37afe244ff

  • SHA512

    d1448a17fb2414bdbd405a60040d6b7519af9cc714c870b09ffc04e79c2ea7b21536ab70fd3906b3a6b1c81effb335a0058401290c2915b7c99ec6e21705dc60

  • SSDEEP

    1536:PwGVFJ9LKGhMxUGT/USlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:YE1KGhMx/T/USltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b88ef6baba0662b6f8865fccdf277c50_NeikiAnalytics

    • Size

      163KB

    • MD5

      b88ef6baba0662b6f8865fccdf277c50

    • SHA1

      0cc55631e9218215c25de2537d75bc23a9c53b0b

    • SHA256

      8b9e9e8a2f3e1871557ecaafc8baf10c7fc7fc78be800540781c3b37afe244ff

    • SHA512

      d1448a17fb2414bdbd405a60040d6b7519af9cc714c870b09ffc04e79c2ea7b21536ab70fd3906b3a6b1c81effb335a0058401290c2915b7c99ec6e21705dc60

    • SSDEEP

      1536:PwGVFJ9LKGhMxUGT/USlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:YE1KGhMx/T/USltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks