General
-
Target
4efb281ed3d8d6da82e8596bda48ee00_NeikiAnalytics
-
Size
163KB
-
Sample
240515-22746sha73
-
MD5
4efb281ed3d8d6da82e8596bda48ee00
-
SHA1
3e2b8a1aac3466fa1a91b2e032563e2073f2dea1
-
SHA256
579dfe89820ccd8d7cdacee504522e64dfefee35fd3918ec2aaf96639db7afb9
-
SHA512
d3856568d30eb91312d816039e11151845a68da29b0c4fa0be5c675b2864c3a5c5c2b1251f887bfc82278d32caf3c50c84bd2a487b19d536ece3957dcd90203c
-
SSDEEP
3072:jOpf0OPY8VZlqgVg7pjhHltOrWKDBr+yJb:jEPLVul7JxLOf
Malware Config
Extracted
gozi
Targets
-
-
Target
4efb281ed3d8d6da82e8596bda48ee00_NeikiAnalytics
-
Size
163KB
-
MD5
4efb281ed3d8d6da82e8596bda48ee00
-
SHA1
3e2b8a1aac3466fa1a91b2e032563e2073f2dea1
-
SHA256
579dfe89820ccd8d7cdacee504522e64dfefee35fd3918ec2aaf96639db7afb9
-
SHA512
d3856568d30eb91312d816039e11151845a68da29b0c4fa0be5c675b2864c3a5c5c2b1251f887bfc82278d32caf3c50c84bd2a487b19d536ece3957dcd90203c
-
SSDEEP
3072:jOpf0OPY8VZlqgVg7pjhHltOrWKDBr+yJb:jEPLVul7JxLOf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-