General

  • Target

    3b80e506058acc51075f993f29380140_NeikiAnalytics

  • Size

    163KB

  • Sample

    240514-acn68abf64

  • MD5

    3b80e506058acc51075f993f29380140

  • SHA1

    f13691dfa2f620aba9786f5d6d2afbffdf574196

  • SHA256

    d1caf94d8a2ff797e1aafb991885eefc158182cd07b43b420b3995ead3c49c47

  • SHA512

    d7c99a90bb0d0bc9bcf90a9c4bacb91563bf2f7570ad8ab9258ea9625d697316cfecc8ee4459076dd763cb19440a92bc4df289c48c3f00c5c23959963bbc6ded

  • SSDEEP

    1536:POb2NL9ROxdmHC776MmMNXwJH2zmlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:mbsfaBrmltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running, widely distributed banking trojan that steals credentials and web session data and typically persists on the host through registry autorun entries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
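Detection logic for the behaviours listed above, written as an added example for this page (it is not sandbox output and not tooling from any vendor). It runs over a handful of constructed Sysmon-style events: the SHA256 is the report's own, but the file names, PIDs, SID and the set of Explorer-loaded autorun key paths are assumptions. The analysis correlates FileCreate events with later ProcessCreate and ImageLoad events to flag a dropped EXE being executed and a dropped DLL being loaded, checks for writes under System32, matches the report's autorun-key and hash indicators, and maps each hit back to the signature name the report uses.

```python
"""Map the report's behavioural signatures onto Sysmon-style telemetry.

Added example for this page; not part of the sandbox report or of any vendor's
tooling. Event layout is a simplified Sysmon schema (constructed, not captured).
"""

# Copied from the report's General section (the sample's SHA256 indicator).
SAMPLE_SHA256 = "d1caf94d8a2ff797e1aafb991885eefc158182cd07b43b420b3995ead3c49c47"

# Registry keys read at logon (Run/RunOnce by the shell, the Explorer\Run keys
# by Explorer.exe). Which one the sandbox actually matched is an assumption;
# the report only says "loaded by Explorer.exe on startup".
AUTORUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
    r"\microsoft\windows\currentversion\policies\explorer\run",
    r"\microsoft\windows\currentversion\explorer\run",
)

SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Finding kind -> the signature label used in the report above.
SIGNATURE_NAMES = {
    "autorun_key": "Adds autorun key to be loaded by Explorer.exe on startup",
    "executes_dropped_exe": "Executes dropped EXE",
    "loads_dropped_dll": "Loads dropped DLL",
    "drops_in_system32": "Drops file in System32 directory",
    "ioc_hash_match": "Process image matches the sample SHA256",
}


def analyse(events):
    """Return a list of (kind, detail) findings for a sequence of events.

    Events are dicts with an Event ID in "id" (1 ProcessCreate, 7 ImageLoad,
    11 FileCreate, 13 RegistryEvent) and the fields used below. Correlation is
    by path across the whole trace, which is enough for a single detonation;
    a production rule would scope it to the sample's process tree.
    """
    dropped = set()  # paths written by FileCreate events seen so far
    findings = []
    for ev in events:
        eid = ev["id"]
        if eid == 11:  # FileCreate
            target = ev["target"].lower()
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                findings.append(("drops_in_system32", ev["target"]))
        elif eid == 1:  # ProcessCreate
            image = ev["image"].lower()
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                findings.append(("ioc_hash_match", ev["image"]))
            if image in dropped and image.endswith(".exe"):
                findings.append(("executes_dropped_exe", ev["image"]))
        elif eid == 7:  # ImageLoad
            loaded = ev["image_loaded"].lower()
            if loaded in dropped and loaded.endswith(".dll"):
                findings.append(("loads_dropped_dll", ev["image_loaded"]))
        elif eid == 13:  # RegistryEvent: value set
            # TargetObject carries the value name; compare the parent key only.
            parent_key = ev["target_object"].lower().rsplit("\\", 1)[0]
            if any(parent_key.endswith(s) for s in AUTORUN_KEY_SUFFIXES):
                findings.append(("autorun_key", ev["target_object"]))
    return findings


def triggered_signatures(events):
    """Sorted, de-duplicated report-style signature labels for the trace."""
    return sorted({SIGNATURE_NAMES[kind] for kind, _ in analyse(events)})


# Constructed trace: paths, PIDs and the SID are invented for illustration.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4012, "image": r"C:\Users\user\Desktop\sample.exe",
     "sha256": SAMPLE_SHA256},
    {"id": 11, "pid": 4012, "target": r"C:\Windows\System32\dropped.dll"},
    {"id": 11, "pid": 4012, "target": r"C:\Users\user\AppData\Roaming\loader.exe"},
    {"id": 1, "pid": 4188, "parent_pid": 4012,
     "image": r"C:\Users\user\AppData\Roaming\loader.exe", "sha256": "00" * 32},
    {"id": 7, "pid": 4188, "image_loaded": r"C:\Windows\System32\dropped.dll"},
    {"id": 13, "pid": 4188,
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\loader",
     "details": r"C:\Users\user\AppData\Roaming\loader.exe"},
    # Benign system DLL load: not something the sample dropped, so no finding.
    {"id": 7, "pid": 4188, "image_loaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_EVENTS):
        print(f"{SIGNATURE_NAMES[kind]}: {detail}")
```

The ordering matters: a dropped file is only "dropped" for events after the FileCreate, so a process or DLL that exists before the sample runs never counts, which is what keeps the kernel32.dll load in the trace from firing.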

MITRE ATT&CK Enterprise v15

Tasks