Extracted

• • Target

    1506235ef20de5e302756790a06e84aba843ef488af220956041a154a0901e98

  • Size

    493KB

  • MD5

    6c7e410f44893d5274d311126f2c70f6

  • SHA1

    f057ffd3ef87238b2a99df772832a9468cbe5d68

  • SHA256

    1506235ef20de5e302756790a06e84aba843ef488af220956041a154a0901e98

  • SHA512

    f248792d2a9ebfb978c5acf8512849c77d0776707be5a568a0cafc00b212dcee6c67de161fa292575b26a82f14c7253be454d9e68f21f0425c41c7f460772a38

  Score

  10^/10

  gozi_ifsb1010bankerpersistencetrojan

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2