General

  • Target

    b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240518-jvxezsag4z

  • MD5

    b1265a85df930b53427849c0910e9170

  • SHA1

    aead2a8d3eafeb3f89fc2bb9a0ae5828a5860cef

  • SHA256

    8da5c8120a4b2bd0a77456ca2998c1d82c1184f34072bef6712e904c184fafaa

  • SHA512

    70adcd0151285dd4bbf2da9de0d9e11d15f92394ccc39499df29afa5b15860ef61e80c102613b2a051cabf2f94e0000684e480c87d5a2dfcd353718760a4b606

  • SSDEEP

    1536:Pp7XjbbY1vItlUBgAqoylProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:t/01vIqFyltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe

    • Size

      163KB

    • MD5

      b1265a85df930b53427849c0910e9170

    • SHA1

      aead2a8d3eafeb3f89fc2bb9a0ae5828a5860cef

    • SHA256

      8da5c8120a4b2bd0a77456ca2998c1d82c1184f34072bef6712e904c184fafaa

    • SHA512

      70adcd0151285dd4bbf2da9de0d9e11d15f92394ccc39499df29afa5b15860ef61e80c102613b2a051cabf2f94e0000684e480c87d5a2dfcd353718760a4b606

    • SSDEEP

      1536:Pp7XjbbY1vItlUBgAqoylProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:t/01vIqFyltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
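The four behaviour signatures above are the kind of thing a detection engineer checks for in host telemetry. The following is an added example, not part of the Triage report and not code from any project: it replays a handful of constructed Sysmon-style events (Event IDs 1, 7, 11 and 13, written here as JSON lines) through a small triage function that tracks the sample's process tree and emits the same four signature names. The sample's on-disk path, the dropped file names and the registry SID are made up; the assumption that "loaded by Explorer.exe on startup" refers to the `Explorer\Run` and `Policies\Explorer\Run` keys (as opposed to the plain `CurrentVersion\Run` key) is mine, and the code keeps the two apart on purpose.

```python
"""Replay constructed Sysmon-style events against the behaviour signatures
listed in the report.  Added example; not the report's or Triage's own code."""
import json

# Keys whose values Explorer.exe itself launches at logon.  Assumed mapping for
# the "Adds autorun key to be loaded by Explorer.exe on startup" signature.
EXPLORER_AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\explorer\run",
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Hypothetical on-disk location of the sample named in the report.
SAMPLE_IMAGE = r"C:\Users\victim\Desktop\b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe"

# Constructed Sysmon-style events (one JSON object per line); not real telemetry.
SAMPLE_LOG = r"""
{"EventID": 1,  "Image": "C:\\Users\\victim\\Desktop\\b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 13, "Image": "C:\\Users\\victim\\Desktop\\b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe", "TargetObject": "HKU\\S-1-5-21-1004336348-1177238915-682003330-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"}
{"EventID": 11, "Image": "C:\\Users\\victim\\Desktop\\b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe", "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe"}
{"EventID": 1,  "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe", "ParentImage": "C:\\Users\\victim\\Desktop\\b1265a85df930b53427849c0910e9170_NeikiAnalytics.exe"}
{"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe", "TargetFilename": "C:\\Windows\\System32\\wbemcore32.dll"}
{"EventID": 11, "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe", "TargetFilename": "C:\\Windows\\System32\\drivers\\etc\\hosts"}
{"EventID": 7,  "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe", "ImageLoaded": "C:\\Windows\\System32\\wbemcore32.dll"}
{"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe", "TargetObject": "HKU\\S-1-5-21-1004336348-1177238915-682003330-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Run\\wbemcore", "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\svchost32.exe"}
"""


def is_explorer_autorun(target_object):
    """True when the registry path (key + value name) sits under an Explorer\\Run key."""
    key_path = target_object.lower().rsplit("\\", 1)[0]  # drop the value name
    return any(key_path.endswith(k) for k in EXPLORER_AUTORUN_KEYS)


def triage(events, sample_image):
    """Walk events in order, follow the sample's process tree, emit signature hits."""
    tracked = {sample_image.lower()}   # sample plus every descendant process
    dropped = set()                    # files written by a tracked process
    findings = []
    for ev in events:
        image = ev.get("Image", "").lower()
        eid = ev["EventID"]
        if eid == 1:                   # process creation: extend the tree
            if ev.get("ParentImage", "").lower() in tracked:
                tracked.add(image)
                if image in dropped:
                    findings.append(("Executes dropped EXE", image))
            continue
        if image not in tracked:       # unrelated process, e.g. TrustedInstaller
            continue
        if eid == 11:                  # file create
            target = ev["TargetFilename"].lower()
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                findings.append(("Drops file in System32 directory", target))
        elif eid == 7:                 # image load
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped:
                findings.append(("Loads dropped DLL", loaded))
        elif eid == 13:                # registry value set
            if is_explorer_autorun(ev["TargetObject"]):
                findings.append((
                    "Adds autorun key to be loaded by Explorer.exe on startup",
                    ev["TargetObject"] + " = " + ev["Details"],
                ))
    return findings


def triage_lines(text, sample_image):
    """Parse JSON-lines telemetry and run triage() over it."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return triage(events, sample_image)


if __name__ == "__main__":
    for signature, detail in triage_lines(SAMPLE_LOG, SAMPLE_IMAGE):
        print(f"[{signature}] {detail}")
```

The ordinary `CurrentVersion\Run` write in the second event is deliberately not reported under the Explorer signature, and the `hosts` write by TrustedInstaller is ignored because it is outside the sample's process tree; both are the false positives a sandbox signature of this kind has to avoid.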

MITRE ATT&CK Enterprise v15

Tasks