General
-
Target
334c1531ce62f8689374309c47d954733877871b195d18518240fca089902836_NeikiAnalytics.exe
-
Size
163KB
-
Sample
240701-ed7r6svgrd
-
MD5
58d01cf211c94ac880b3e9fe9f651ae0
-
SHA1
d729a94d3c293a30d2a95d22203efc895f376d8d
-
SHA256
334c1531ce62f8689374309c47d954733877871b195d18518240fca089902836
-
SHA512
5fe24efbaeb51217281ea10f0fdb25b47631321c814cdab919ebe7b5c2a9b4642e7d1ba7197a41db35458dce452404713e3a3772d8e0156827e5e513421812ea
-
SSDEEP
1536:PwNUGV/e/4AJJ18wpC+GvcNwYkNXVXlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4NzdS4AJJtC+GErYhltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
334c1531ce62f8689374309c47d954733877871b195d18518240fca089902836_NeikiAnalytics.exe
-
Size
163KB
-
MD5
58d01cf211c94ac880b3e9fe9f651ae0
-
SHA1
d729a94d3c293a30d2a95d22203efc895f376d8d
-
SHA256
334c1531ce62f8689374309c47d954733877871b195d18518240fca089902836
-
SHA512
5fe24efbaeb51217281ea10f0fdb25b47631321c814cdab919ebe7b5c2a9b4642e7d1ba7197a41db35458dce452404713e3a3772d8e0156827e5e513421812ea
-
SSDEEP
1536:PwNUGV/e/4AJJ18wpC+GvcNwYkNXVXlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4NzdS4AJJtC+GErYhltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-