gozi | 8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c | Triage

Submit
Reports

Overview

overview

Static

static

3

8a8aa0127b...cs.exe

windows7-x64

8a8aa0127b...cs.exe

windows10-2004-x64

Sharing

General

Target

8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c_NeikiAnalytics.exe
Size

163KB
Sample

240629-kang1sxbkl
MD5

887147f68fc4cee5c8e1fbc3e84c9500
SHA1

9b7453c44e2eb38bd56834f775827daa470996b4
SHA256

8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c
SHA512

a9a8fbdd20aaef703a7002d7f1ccd514f241a03e79a9dc90e6e0ffb72be6b2b8f32bf409e3d0c9e0ffe9a5d6186e56e00794dd6dbc0c71c4d10be0f5d42f9973
SSDEEP

1536:PIVWrTMaSBpl4mPjon/dOYNcwIlkKDexr49YdcInJ/lProNVU4qNVUrk/9QbfBrN:BrIVBpKkwlIY1J/ltOrWKDBr+yJb

Score

10^/10

gozi banker isfb persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c_NeikiAnalytics.exe

Resource

win7-20240221-en

gozi banker isfb persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c_NeikiAnalytics.exe
- Size
  
  163KB
- MD5
  
  887147f68fc4cee5c8e1fbc3e84c9500
- SHA1
  
  9b7453c44e2eb38bd56834f775827daa470996b4
- SHA256
  
  8a8aa0127badc3bbb6f8df37e5565855ead8ffe7df01dc78ba7e583e48472a7c
- SHA512
  
  a9a8fbdd20aaef703a7002d7f1ccd514f241a03e79a9dc90e6e0ffb72be6b2b8f32bf409e3d0c9e0ffe9a5d6186e56e00794dd6dbc0c71c4d10be0f5d42f9973
- SSDEEP
  
  1536:PIVWrTMaSBpl4mPjon/dOYNcwIlkKDexr49YdcInJ/lProNVU4qNVUrk/9QbfBrN:BrIVBpKkwlIY1J/ltOrWKDBr+yJb
Score

10^/10

gozi banker isfb persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy