Overview

overview

10

Static

static

3

0594c12652...cs.exe

windows7-x64

10

0594c12652...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0594c12652c1e5d89370a715d54fc630_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240601-2p931ahe5t

  • MD5

    0594c12652c1e5d89370a715d54fc630

  • SHA1

    02b0eb114e5e0b96884f29f57380088a553f8bb4

  • SHA256

    4913c538a63de7953892e140ec0c31d4d85323bccc1afd5a1515cc262c28f09e

  • SHA512

    c24866ded6ef3e7095000c37d4115d5e7f307a19368f0287f69f4996b9f855c0210f76c1de1f4f01ac82990183ffdd50e3fba905d6f04cc03aa28f7ca6384759

  • SSDEEP

    1536:PjYgzZTBfiEHmSIyFiNuPtr5jP9lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:rYgzZZHmWFiNMJ5jP9ltOrWKDBr+yJb

Score
10/10
gozibankerisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      0594c12652c1e5d89370a715d54fc630_NeikiAnalytics.exe

    • Size

      163KB

    • MD5

      0594c12652c1e5d89370a715d54fc630

    • SHA1

      02b0eb114e5e0b96884f29f57380088a553f8bb4

    • SHA256

      4913c538a63de7953892e140ec0c31d4d85323bccc1afd5a1515cc262c28f09e

    • SHA512

      c24866ded6ef3e7095000c37d4115d5e7f307a19368f0287f69f4996b9f855c0210f76c1de1f4f01ac82990183ffdd50e3fba905d6f04cc03aa28f7ca6384759

    • SSDEEP

      1536:PjYgzZTBfiEHmSIyFiNuPtr5jP9lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:rYgzZZHmWFiNMJ5jP9ltOrWKDBr+yJb

    Score
    10/10
    persistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks