General

  • Target

    bf7f56ef9c8a5816fe86ee886b35b210_NeikiAnalytics

  • Size

    163KB

  • Sample

    240513-vwh5jafb21

  • MD5

    bf7f56ef9c8a5816fe86ee886b35b210

  • SHA1

    86cd4c799b35285c3497f4bbafed070f24eb0263

  • SHA256

    57e1568d622459dab1d7ec7372ce12aec836ad63adfe9f0c2c11c70cde527ed8

  • SHA512

    aa0d8e4e4b1f0906e73f682250e283c943099f19e3d241ce1b5aa05a45e9d5f57efdab05caae42ea9b3b81139f5fd21e25270daf38703044b7596e974f4072eb

  • SSDEEP

    1536:P15mRDV7PON4+I1i61vOHzD3UkI+GtR4oHlProNVU4qNVUrk/9QbfBr+7GwKrPAS:mRDoN4R4sozDu+GtG0ltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      bf7f56ef9c8a5816fe86ee886b35b210_NeikiAnalytics

    • Size

      163KB

    • MD5

      bf7f56ef9c8a5816fe86ee886b35b210

    • SHA1

      86cd4c799b35285c3497f4bbafed070f24eb0263

    • SHA256

      57e1568d622459dab1d7ec7372ce12aec836ad63adfe9f0c2c11c70cde527ed8

    • SHA512

      aa0d8e4e4b1f0906e73f682250e283c943099f19e3d241ce1b5aa05a45e9d5f57efdab05caae42ea9b3b81139f5fd21e25270daf38703044b7596e974f4072eb

    • SSDEEP

      1536:P15mRDV7PON4+I1i61vOHzD3UkI+GtR4oHlProNVU4qNVUrk/9QbfBr+7GwKrPAS:mRDoN4R4sozDu+GtG0ltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
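
The four behaviour signatures above (autorun key read by Explorer.exe, dropped EXE executed, dropped DLL loaded, file written to System32) are the kind of thing a responder wants to confirm on an endpoint trace rather than take from the sandbox alone. The following is an added example, not code from the sandbox vendor or from the Gozi operators, that runs those checks over Sysmon-style events (IDs 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent). The report does not name the registry value the sample wrote, so the autorun locations listed are assumed candidates that Explorer.exe or Winlogon consult at logon, and the event trace is constructed to exercise each rule plus two benign negatives:

```python
"""Toy behaviour checks over Sysmon-style events for the four signatures the
report lists.  Added example; event data is constructed, not sandbox output."""
import json

# Registry values that Explorer.exe / Winlogon consult at logon.  The report
# does not say which one the sample wrote, so these are assumed candidates.
AUTORUN_KEY_FRAGMENTS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
    "\\software\\microsoft\\windows nt\\currentversion\\winlogon\\shell",
    "\\software\\microsoft\\windows nt\\currentversion\\winlogon\\userinit",
    "\\software\\microsoft\\windows nt\\currentversion\\windows\\load",
)
SYSTEM32_DIR = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"
USER_WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\")


def _hit(rule, ev, detail):
    return {"rule": rule, "process": ev["Image"], "detail": detail}


def detect(events):
    """Walk events in time order and return a list of rule hits.

    'dropped' records files any process wrote under user-writable paths so
    that later ProcessCreate / ImageLoad events can be correlated with them.
    """
    dropped = set()
    hits = []
    for ev in events:
        eid = ev["EventID"]
        image = ev["Image"].lower()
        if eid == 11:  # FileCreate
            target = ev["TargetFilename"].lower()
            if target.startswith(USER_WRITABLE_DIRS):
                dropped.add(target)
            # A binary outside C:\Windows writing into System32 is the drop signature.
            if target.startswith(SYSTEM32_DIR) and not image.startswith(WINDOWS_DIR):
                hits.append(_hit("drops_file_in_system32", ev, ev["TargetFilename"]))
        elif eid == 13:  # RegistryEvent (value set)
            key = ev["TargetObject"].lower()
            if any(frag in key for frag in AUTORUN_KEY_FRAGMENTS):
                detail = f'{ev["TargetObject"]} = {ev.get("Details", "")}'
                hits.append(_hit("adds_explorer_autorun_key", ev, detail))
        elif eid == 1 and image in dropped:  # ProcessCreate of a dropped file
            hits.append(_hit("executes_dropped_exe", ev, ev["Image"]))
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:  # ImageLoad of a dropped file
            hits.append(_hit("loads_dropped_dll", ev, ev["ImageLoaded"]))
    return hits


# Constructed trace (not sandbox output): sample.exe drops an EXE and a DLL
# into AppData, writes a file into System32, registers the dropped EXE as the
# Winlogon Shell, runs it, and the dropped EXE loads the dropped DLL.  The
# svchost and explorer events are benign negatives.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
DROP_DIR = r"C:\Users\user\AppData\Roaming\svcupd"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_DIR + r"\svcupd.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_DIR + r"\svcupd.dll"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": r"C:\Windows\System32\svcupd.dat"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\LogFiles\WMI\trace.log"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe, " + DROP_DIR + r"\svcupd.exe"},
    {"EventID": 1, "Image": DROP_DIR + r"\svcupd.exe", "ParentImage": SAMPLE},
    {"EventID": 7, "Image": DROP_DIR + r"\svcupd.exe", "ImageLoaded": DROP_DIR + r"\svcupd.dll"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
]

if __name__ == "__main__":
    for h in detect(SAMPLE_EVENTS):
        print(json.dumps(h))
```

The correlation set is the important design choice: "executes dropped EXE" and "loads dropped DLL" are only meaningful relative to files the trace itself saw being created, so the checks are stateful over the event stream rather than per-event pattern matches. On a real host the same logic would be fed from the Sysmon operational log, and the autorun fragment list should be widened to whatever persistence locations the environment's baseline already covers.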

MITRE ATT&CK Enterprise v15

Tasks