General

  • Target

    b96353da4cbbed2cfeae82ee3e7237d0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240513-qc5f7sfg8w

  • MD5

    b96353da4cbbed2cfeae82ee3e7237d0

  • SHA1

    2c8eaaa4b6d7203665f6984ed3813f5518751fe0

  • SHA256

    864f5c2d17f9fa881243548607e20dd5ff72e119f8ffbb58f6476f22415b73a5

  • SHA512

    2cba979c2b812e0f36c4ee186778a2bc156a3ea2d2406ced21bfd29f8f8ff3b4a18581a1cea5a25b07e19e9fab2465bbe47789f6098b53617f306a38d4e53299

  • SSDEEP

    3072:39olP68PmJLPWxFXSo5ltOrWKDBr+yJb:3+91Gw35LOf

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b96353da4cbbed2cfeae82ee3e7237d0_NeikiAnalytics

    • Size

      163KB

    • MD5

      b96353da4cbbed2cfeae82ee3e7237d0

    • SHA1

      2c8eaaa4b6d7203665f6984ed3813f5518751fe0

    • SHA256

      864f5c2d17f9fa881243548607e20dd5ff72e119f8ffbb58f6476f22415b73a5

    • SHA512

      2cba979c2b812e0f36c4ee186778a2bc156a3ea2d2406ced21bfd29f8f8ff3b4a18581a1cea5a25b07e19e9fab2465bbe47789f6098b53617f306a38d4e53299

    • SSDEEP

      3072:39olP68PmJLPWxFXSo5ltOrWKDBr+yJb:3+91Gw35LOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks