General

  • Target

    abd782bd29dd78a3fb2536e77c6b00a3_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240520-lktbpaec9s

  • MD5

    abd782bd29dd78a3fb2536e77c6b00a3

  • SHA1

    bfc22058f091f11f7e0e68ee6c1d9e4aad9d6634

  • SHA256

    c96907020c1616a90a271fff4cffc039d145217d1b86f2fd6c064a352d29da0a

  • SHA512

    6e53b92733128b2c29d0edfbfc705b3af61a544bb12323a672f265b184fe64dc83732ab3adec8a55f513a61c94f5e1faaefd186ecaa80bd4493da0c8864de79a

  • SSDEEP

    1536:PSlpvAt1aWET7gdPa2xlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:IvGEP0asltOrWKDBr+yJb

Malware Config

  • Extracted family

    gozi

Targets

    • Target

      abd782bd29dd78a3fb2536e77c6b00a3_NeikiAnalytics.exe


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                Count  ID
  Persistence           Boot or Logon Autostart Execution        1      T1547
                        Registry Run Keys / Startup Folder       1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution        1      T1547
                        Registry Run Keys / Startup Folder       1      T1547.001
  Defense Evasion       Modify Registry                          1      T1112
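The matrix above maps the sample's autorun-key write to T1547.001 and T1112. The following is an added example, not part of the sandbox report, showing how that behaviour is detected on a live host from Sysmon Event ID 13 (RegistryEvent, value set) records: it matches TargetObject against the well-known Run/RunOnce keys, the Policies\Explorer\Run key that Explorer processes at logon, and Startup shell-folder redirection. The four records are constructed for illustration; the value names, SID and dropped-file path in them are hypothetical and are not taken from this sample's report.

```python
"""Flag Sysmon Event ID 13 registry writes that map to ATT&CK T1547.001 / T1112.

Added example: not part of the sandbox report. SAMPLE_EVENTS is constructed;
the key paths matched by the regexes are the standard autorun locations, the
specific value names, SID and file paths are hypothetical.
"""
import re

# Run-key family under HKLM / HKCU / HKU\<SID>, including the Policies\Explorer\Run
# key that Explorer.exe itself processes at logon. Hive prefix is ignored on purpose.
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunServices|RunServicesOnce|Policies\\Explorer\\Run)\\[^\\]+$",
    re.IGNORECASE,
)
# Rewriting where the Startup folder lives is the other half of T1547.001.
STARTUP_FOLDER_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\"
    r"(?:User )?Shell Folders\\(?:Common )?Startup$",
    re.IGNORECASE,
)
# Processes launched from user-writable staging paths writing the registry at all.
STAGING_PATH_RE = re.compile(r"\\(?:Temp|Downloads|AppData)\\", re.IGNORECASE)

# Constructed Sysmon 13 records rendered as "Field: value" blocks (hypothetical data).
SAMPLE_EVENTS = r"""
EventType: SetValue
UtcTime: 2024-05-20 11:13:02.114
Image: C:\Users\user\AppData\Local\Temp\sample.exe
TargetObject: HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updater
Details: C:\Windows\System32\svchost32.exe

EventType: SetValue
UtcTime: 2024-05-20 11:13:05.901
Image: C:\Windows\System32\msiexec.exe
TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth
Details: %windir%\system32\SecurityHealthSystray.exe

EventType: SetValue
UtcTime: 2024-05-20 11:13:06.220
Image: C:\Windows\System32\svchost.exe
TargetObject: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname
Details: DESKTOP-LAB

EventType: SetValue
UtcTime: 2024-05-20 11:13:07.003
Image: C:\Windows\explorer.exe
TargetObject: HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Details: DWORD (0x00000001)
"""


def parse_sysmon_13(text: str) -> list[dict[str, str]]:
    """Split blank-line separated 'Field: value' blocks into dicts, keeping SetValue events."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # split on the first colon only
            fields[key.strip()] = value.strip()
        if fields.get("EventType") == "SetValue":
            events.append(fields)
    return events


def classify(event: dict[str, str]) -> list[str]:
    """Return the ATT&CK technique IDs a single registry write is evidence of."""
    target = event.get("TargetObject", "")
    image = event.get("Image", "")
    techniques = []
    if AUTORUN_KEY_RE.search(target) or STARTUP_FOLDER_RE.search(target):
        techniques.append("T1547.001")
    if STAGING_PATH_RE.search(image):
        techniques.append("T1112")
    return techniques


def triage(text: str) -> list[dict[str, str]]:
    """Parse the records and return one hit per event that maps to at least one technique."""
    hits = []
    for ev in parse_sysmon_13(text):
        techs = classify(ev)
        if techs:
            hits.append({
                "techniques": ",".join(techs),
                "image": ev.get("Image", ""),
                "target": ev.get("TargetObject", ""),
                "details": ev.get("Details", ""),
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['techniques']:<18} {hit['image']} -> {hit['target']} = {hit['details']}")
```

The second record (a Run value written by msiexec.exe) is flagged as well: the detection is deliberately keyed on the location, not on who writes it, and an allowlist of known installers is an environment-specific tuning step rather than part of the technique match.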

Tasks