General

  • Target

    a317da6f44d94ad3e742985c8b570940_NeikiAnalytics

  • Size

    163KB

  • Sample

    240514-jdrheafc4z

  • MD5

    a317da6f44d94ad3e742985c8b570940

  • SHA1

    9c6274a970936b51d0ee4ffe791f99ef08b04bd9

  • SHA256

    1a3ca8d51e60ea81028503c1f293a22b68ade8229a499e9f320f675e00b64e29

  • SHA512

    d01288465dff346cc4870ad5fd49a57a7d0fdeef7c07900476a469c2e65a88d744ba32668bd82165201c09dcb39d51e0c702bd03555b941c519f6c953dcb8bdb

  • SSDEEP

    1536:PXqCg0CH4w6J3gW3Qh/y/mFhkUj8GmgIhrlProNVU4qNVUrk/9QbfBr+7GwKrPAS:vqC4HNG3gWwlbH2rltOrWKDBr+yJb

Malware Config

Extracted

  • Family

    gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks