General

  • Target: 5f9d75d902d60c49571077dcf21fac90_NeikiAnalytics

  • Size: 163KB

  • Sample: 240515-cejevsbg6s

  • MD5: 5f9d75d902d60c49571077dcf21fac90

  • SHA1: 7e39f488406fdf1252c7eb7d0bbe0c0d809994f0

  • SHA256: d460ca339cd9ef15a13de00f9fa054fee1c047c38f8d9d7a79db3428ea7f479f

  • SHA512: 51f9d637e435763f4b61f9e276b3946171ef332696799743ab40e49220c02c930599da899334a923a6f127e35e5c38389b56dd1881b8739feb37adefe6cf2967

  • SSDEEP: 1536:Pm35C8GavmHY5I9KxHtn88HrGeTaZ4W5DmSlProNVU4qNVUrk/9QbfBr+7GwKrPb:O35C+5AEtE4W5DmSltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks