Overview

overview

10

Static

static

3

5039e2059f...cs.exe

windows7-x64

10

5039e2059f...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5039e2059f016f5b500d85795abe9fe314e135d26b498d4f72f5c3296c8a6ec8_NeikiAnalytics.exe

  • Size

    163KB

  • Sample

    240620-le3yyazere

  • MD5

    ac018d03bd699c3b878b637d92a3da30

  • SHA1

    a7a490a0725bbea99dcdf251b9b1b4d64e41ce88

  • SHA256

    5039e2059f016f5b500d85795abe9fe314e135d26b498d4f72f5c3296c8a6ec8

  • SHA512

    4139ab5bcfe097273bf132d7d4d52fb81d905222ca04296f9170c8dc75534a78bfa3a411a16afae67eb924f295da5a1a84aa452fb3edab6152ca545ed2aab104

  • SSDEEP

    1536:PUHoHX4woTLdJWrVQlqvEwD3g123NlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:hXVsLGQUvnq23NltOrWKDBr+yJb

Score
10/10
gozibankerisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      5039e2059f016f5b500d85795abe9fe314e135d26b498d4f72f5c3296c8a6ec8_NeikiAnalytics.exe

    • Size

      163KB

    • MD5

      ac018d03bd699c3b878b637d92a3da30

    • SHA1

      a7a490a0725bbea99dcdf251b9b1b4d64e41ce88

    • SHA256

      5039e2059f016f5b500d85795abe9fe314e135d26b498d4f72f5c3296c8a6ec8

    • SHA512

      4139ab5bcfe097273bf132d7d4d52fb81d905222ca04296f9170c8dc75534a78bfa3a411a16afae67eb924f295da5a1a84aa452fb3edab6152ca545ed2aab104

    • SSDEEP

      1536:PUHoHX4woTLdJWrVQlqvEwD3g123NlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:hXVsLGQUvnq23NltOrWKDBr+yJb

    Score
    10/10
    persistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks