General

  • Target

    cd12c4c6a85f359ccfeb7909c8abf4d0_NeikiAnalytics

  • Size

    163KB

  • Sample

    240514-tftewsdf2v

  • MD5

    cd12c4c6a85f359ccfeb7909c8abf4d0

  • SHA1

    c2c6d3d6d73f1033eb480fe0136a8176aeca9bc0

  • SHA256

    4935bd355913d284a3383a1208519114ba6f3fbf1cee0b5197011845417bebc0

  • SHA512

    fc12f258821fd9c56005b999d988569eb77234555776711e9ce99c94babea4b9578bc2d52da1d30e35163220f2b02e1c2aedb78273552792fe63a6740cf90956

  • SSDEEP

    1536:P3IT1HpfaP7LBYCoEHry9X5nQHsl5klProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:gpH+BYCo1msl5kltOrWKDBr+yJb

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      cd12c4c6a85f359ccfeb7909c8abf4d0_NeikiAnalytics

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks