General
-
Target
0f02592ca1594d45887442cadb4eb3b0_NeikiAnalytics.exe
-
Size
163KB
-
Sample
240524-3nreyafd89
-
MD5
0f02592ca1594d45887442cadb4eb3b0
-
SHA1
a2b3c3928cbd17d3eae251340ac474bb9e2d194a
-
SHA256
8844439ae306c09d268f13c6778afbf31f97dc1ec7874f33d60b8296c7bd1ff0
-
SHA512
a9614e41958a1c63870bbe5353f236941550849c70f957ce5d77b9a5a05ac2d08cece2abaccd0374b1a7bef4c82693871d52e78aa7c0a862e34270c2593881b9
-
SSDEEP
1536:PRpme0MyETmWMpJ8qEhV/+zMC1M/ULLlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:Zp79M7FEvWzL1MSLltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
0f02592ca1594d45887442cadb4eb3b0_NeikiAnalytics.exe
-
Size
163KB
-
MD5
0f02592ca1594d45887442cadb4eb3b0
-
SHA1
a2b3c3928cbd17d3eae251340ac474bb9e2d194a
-
SHA256
8844439ae306c09d268f13c6778afbf31f97dc1ec7874f33d60b8296c7bd1ff0
-
SHA512
a9614e41958a1c63870bbe5353f236941550849c70f957ce5d77b9a5a05ac2d08cece2abaccd0374b1a7bef4c82693871d52e78aa7c0a862e34270c2593881b9
-
SSDEEP
1536:PRpme0MyETmWMpJ8qEhV/+zMC1M/ULLlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:Zp79M7FEvWzL1MSLltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-