gozi | d4f4fcc397aacfd628d18bee0fe420a9c312e145d39649eca2eb2babb4ef9458 | Triage

Sharing

General

Target

32abc01bc079e7347b587bcc3f1b20c0_NeikiAnalytics.exe
Size

163KB
Sample

240517-ztfc3sah86
MD5

32abc01bc079e7347b587bcc3f1b20c0
SHA1

ae89efaed4446d4ce9450e240c49eee189c84227
SHA256

d4f4fcc397aacfd628d18bee0fe420a9c312e145d39649eca2eb2babb4ef9458
SHA512

52fe6dfc4515c435b368b4213b7cfd45567b85ff3b696b7ca78f61df039cb186b08faeb386660e7d285168d6a704b01e73f1ef3d93162a8a223bb4b4cd32ee05
SSDEEP

1536:Psh7C56sOt+ro2jw4OwV6ccccccccccccccccccccccccccccccccYtccmczcccq:Eh7C82U4OwZs3YrqltOrWKDBr+yJb

Score

10^/10

gozi banker isfb persistence trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  32abc01bc079e7347b587bcc3f1b20c0_NeikiAnalytics.exe
- Size
  
  163KB
- MD5
  
  32abc01bc079e7347b587bcc3f1b20c0
- SHA1
  
  ae89efaed4446d4ce9450e240c49eee189c84227
- SHA256
  
  d4f4fcc397aacfd628d18bee0fe420a9c312e145d39649eca2eb2babb4ef9458
- SHA512
  
  52fe6dfc4515c435b368b4213b7cfd45567b85ff3b696b7ca78f61df039cb186b08faeb386660e7d285168d6a704b01e73f1ef3d93162a8a223bb4b4cd32ee05
- SSDEEP
  
  1536:Psh7C56sOt+ro2jw4OwV6ccccccccccccccccccccccccccccccccYtccmczcccq:Eh7C82U4OwZs3YrqltOrWKDBr+yJb
Score

10^/10

gozi banker isfb persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerisfbpersistencetrojan

behavioral2

gozibankerisfbpersistencetrojan