Overview

overview

10

Static

static

3

2f3a0ad4db...cs.exe

windows7-x64

10

2f3a0ad4db...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f3a0ad4dbe00ab099220a9508a622b0_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240618-krs4tszflm

  • MD5

    2f3a0ad4dbe00ab099220a9508a622b0

  • SHA1

    2bce376c13da497ced76690ac55cdad436d07461

  • SHA256

    a45caeb445cf7e71ecd304121f58d0b8c95712027f24a8531e34e3b4a4da18dc

  • SHA512

    aff4765fc95a47f0620bcb1cd5e9ad181f14b690c4bb23ae7d3191a15013e97dd9311b4ae130bf70d466178deff7ed701bfe1ebe6c928b73e1704f5c66f6fc07

  • SSDEEP

    3072:gSJd9deBMXuFI7o9IN0GltOrWKDBr+yJb:gyAJtuN0GLOf

Score
10/10
gozibankerisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      2f3a0ad4dbe00ab099220a9508a622b0_NeikiAnalytics.exe

    • Size

      163KB

    • MD5

      2f3a0ad4dbe00ab099220a9508a622b0

    • SHA1

      2bce376c13da497ced76690ac55cdad436d07461

    • SHA256

      a45caeb445cf7e71ecd304121f58d0b8c95712027f24a8531e34e3b4a4da18dc

    • SHA512

      aff4765fc95a47f0620bcb1cd5e9ad181f14b690c4bb23ae7d3191a15013e97dd9311b4ae130bf70d466178deff7ed701bfe1ebe6c928b73e1704f5c66f6fc07

    • SSDEEP

      3072:gSJd9deBMXuFI7o9IN0GltOrWKDBr+yJb:gyAJtuN0GLOf

    Score
    10/10
    persistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks