Extracted

• • Target

    30f0642335b0522f9d2141ab64318210_NeikiAnalytics

  • Size

    163KB

  • MD5

    30f0642335b0522f9d2141ab64318210

  • SHA1

    770df450ea48b16fe4e3c3fb2a2b9055b13e1af7

  • SHA256

    8fc9d3d5ba5bb7d017f7cae4df4d9355773b18e3cf5c33cba3911b984440f4c5

  • SHA512

    5839b8ad4c711a7bb41c3bba52431587b4f516c1888d2bbf9125363ea6c6cc37c49dd4ae9ccb33dd3ff0bea9c9221e06b7ef7dd07aa27dc7096c099f6c92dbb2

  • SSDEEP

    1536:PML6FSUiuajUNBMHWYbpLp3jpiJ8RfAiAlProNVU4qNVUrk/9QbfBr+7GwKrPAsf:lYUiusU/gWWDYJ8RYnltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2