Extracted

• • Target

    2f49b992825d8c52075a4e15d3ecf31c30e0e4f3e86e45424c0b21956f5b7d3b_NeikiAnalytics.exe

  • Size

    163KB

  • MD5

    fb7fca26d77ccdfaaac24a4428a469f0

  • SHA1

    c44888823e284d42316aec59ef50f7c7c38f2af3

  • SHA256

    2f49b992825d8c52075a4e15d3ecf31c30e0e4f3e86e45424c0b21956f5b7d3b

  • SHA512

    f0db994eee374069957c9d4ade86d48f47bbb0ee474e5d4266596d2b80cdf8d02048eb80342273eb35997d58dc1c61c692006c40dcfd7864e2fbd2ff53998136

  • SSDEEP

    1536:P99a8TyLDTvgwQUwE8YkUAg31lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:VtQTvg8/8jn61ltOrWKDBr+yJb

  Score

  10^/10

  gozibankerisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2