General

  • Target

    5d963ad1a178286933bd64aee3fec2e0_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240522-yyweesfa44

  • MD5

    5d963ad1a178286933bd64aee3fec2e0

  • SHA1

    22d961b16a4d779a88449f18d78a894f84f7a2d0

  • SHA256

    06375dc0d376733b6e3764173d4b6c64821c37b3f98eb259313147ac1b76ee0f

  • SHA512

    ac715ed11b56c4dc7dd62930a05080a5a4690eef942acf775a7cc25357b70a1c700a256f16b6e11cea6ef1fcc88baef0e43226f31efb0defb0cdf6868faa0c29

  • SSDEEP

    1536:Ps2UYi2aWUNU6ka7tPph8FdD111111111111111111111111111111111n11p11G:UJ2a3C6dyhHE8ltOrWKDBr+yJb

Malware Config

Extracted

  • Family

    gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks