General

  • Target

    30bdef93aafa00121825a13c5299fb10_NeikiAnalytics

  • Size

    163KB

  • Sample

    240514-1st1hsab7s

  • MD5

    30bdef93aafa00121825a13c5299fb10

  • SHA1

    f061ab5a27d5d3ba40494ee1f06bb3ee16050364

  • SHA256

    39b2820e08c444b697e35c66c7c04d6fae9ac821c3d29768bece7e3d431b806b

  • SHA512

    7622a09d8a680da5a9d2bc57b19aa689fd53971c4ad2ddb9d758770bd1d48b7d31e40b38522d4ce5917ec4e9f9da052b0aa7b4184b94f3e129ba5408ec8a39c8

  • SSDEEP

    1536:PZMUQykW3Kkww8eGbUEIoCH8otvmkRql4rzKlProNVU4qNVUrk/9QbfBr+7GwKrj:S9yZ9QPmmkRSKKltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      30bdef93aafa00121825a13c5299fb10_NeikiAnalytics

    • Size

      163KB

    • MD5

      30bdef93aafa00121825a13c5299fb10

    • SHA1

      f061ab5a27d5d3ba40494ee1f06bb3ee16050364

    • SHA256

      39b2820e08c444b697e35c66c7c04d6fae9ac821c3d29768bece7e3d431b806b

    • SHA512

      7622a09d8a680da5a9d2bc57b19aa689fd53971c4ad2ddb9d758770bd1d48b7d31e40b38522d4ce5917ec4e9f9da052b0aa7b4184b94f3e129ba5408ec8a39c8

    • SSDEEP

      1536:PZMUQykW3Kkww8eGbUEIoCH8otvmkRql4rzKlProNVU4qNVUrk/9QbfBr+7GwKrj:S9yZ9QPmmkRSKKltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
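Before acting on the behaviours listed above, an analyst should confirm that the file in hand is actually this sample. The script below is an added example and not part of the sandbox report: it recomputes the four digests the report publishes (General and Targets sections) over a local file in one streamed pass, compares each against the report's value in constant time, and classifies the result so that a partial match (some digests agree, others do not) is surfaced as a transcription or tooling problem rather than silently accepted. The file path is the only input; the SSDEEP value is not recomputed because that needs a third-party library. The byte strings used in the test are constructed stand-ins, not the sample.

```python
"""Verify a local file against the hashes published for this sample.

Added example, not part of the sandbox report. Recomputes MD5, SHA-1,
SHA-256 and SHA-512 and compares them to the report's values.
"""
import hashlib
import hmac
import sys
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "30bdef93aafa00121825a13c5299fb10",
    "sha1": "f061ab5a27d5d3ba40494ee1f06bb3ee16050364",
    "sha256": "39b2820e08c444b697e35c66c7c04d6fae9ac821c3d29768bece7e3d431b806b",
    "sha512": (
        "7622a09d8a680da5a9d2bc57b19aa689fd53971c4ad2ddb9d758770bd1d48b7d"
        "31e40b38522d4ce5917ec4e9f9da052b0aa7b4184b94f3e129ba5408ec8a39c8"
    ),
}


def digests_of_stream(fileobj, chunk_size: int = 1 << 16) -> dict:
    """Feed the file through all four hashers in a single pass.

    Streaming in chunks keeps memory flat even for samples far larger
    than the 163KB listed here.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while chunk := fileobj.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict:
    """Convenience wrapper for in-memory bytes (used by the test)."""
    import io
    return digests_of_stream(io.BytesIO(data))


def compare(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} for every algorithm in `expected`.

    hmac.compare_digest is constant-time; the expected value is lowercased
    so a hash pasted from a report in uppercase hex still matches.
    """
    return {
        name: hmac.compare_digest(
            actual[name].lower().encode(), expected[name].lower().encode()
        )
        for name in expected
    }


def classify(results: dict) -> str:
    """'match' if every digest agrees, 'mismatch' if none does, and
    'partial' otherwise. A partial result means either a copy error in
    the indicator list or a broken hashing tool, never a confirmed sample."""
    hits = sum(results.values())
    if hits == len(results):
        return "match"
    if hits == 0:
        return "mismatch"
    return "partial"


def verify_file(path, expected: dict = REPORT_HASHES) -> str:
    """Hash the file at `path` and classify it against `expected`."""
    with Path(path).open("rb") as fh:
        actual = digests_of_stream(fh)
    return classify(compare(actual, expected))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    verdict = verify_file(sys.argv[1])
    print(f"{sys.argv[1]}: {verdict}")
    sys.exit(0 if verdict == "match" else 1)
```

Run it as `python verify_sample.py <file>`; a non-zero exit means the file should not be treated as the sample described in this report until the discrepancy is explained.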

MITRE ATT&CK Enterprise v15

Tasks