General

  • Target

    aff45a4032df13c4bd6736c83030e8b0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240514-kjqnqshd45

  • MD5

    aff45a4032df13c4bd6736c83030e8b0

  • SHA1

    ef8abec9155de6ca3c1035922d4ece4e553623fd

  • SHA256

    941b04f4bbfa2509a644b2c30652a4c3ec5a75b6e4e5c89d85c72ecccd5bb4ef

  • SHA512

    1a8e3434fc6ab1a507517f5a72bc1bcf30f05a4c0c3be7df641b782802f8fd3086b2365aecd867de8be86d58f3f47b66af0defed11f669638e626b8b57b79ec0

  • SSDEEP

    1536:PaBV9DSmM/hGcBtYjQS4JaZ1GJulProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:ylMZGcBtY0dJOeultOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15