General
-
Target
09f179936fe1e67f418803cb239fc3612f07b7ff64c8ba63ddd1bc230db8a4b3_NeikiAnalytics
-
Size
163KB
-
Sample
240521-glspbsfh38
-
MD5
371e8864647b6c45d7dbfd98b8ebec40
-
SHA1
d0bfad08c1356e59c6d34abb53c92e1b247d8004
-
SHA256
09f179936fe1e67f418803cb239fc3612f07b7ff64c8ba63ddd1bc230db8a4b3
-
SHA512
3b6ec40de3a89d73dd300ded61a38bd2d2ade0e91641857bd2ddfc1ea2db6e0b5b60044169f4d1f42f6d5eda2e90f571e1250ca419eea8f98d940f4fa01c1440
-
SSDEEP
1536:P0hDEVGk+Nph/Yy8gba0dNG346lwUA7lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:mEu7EgS/A7ltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
09f179936fe1e67f418803cb239fc3612f07b7ff64c8ba63ddd1bc230db8a4b3_NeikiAnalytics
-
Size
163KB
-
MD5
371e8864647b6c45d7dbfd98b8ebec40
-
SHA1
d0bfad08c1356e59c6d34abb53c92e1b247d8004
-
SHA256
09f179936fe1e67f418803cb239fc3612f07b7ff64c8ba63ddd1bc230db8a4b3
-
SHA512
3b6ec40de3a89d73dd300ded61a38bd2d2ade0e91641857bd2ddfc1ea2db6e0b5b60044169f4d1f42f6d5eda2e90f571e1250ca419eea8f98d940f4fa01c1440
-
SSDEEP
1536:P0hDEVGk+Nph/Yy8gba0dNG346lwUA7lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:mEu7EgS/A7ltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-