Extracted

• • Target

    00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1

  • Size

    392KB

  • MD5

    64b58ecac6319443fd82a68bbc6593c0

  • SHA1

    2132465f14b8910d650fc432e07d505a277ba33d

  • SHA256

    00a0bc861d373a173fa465705d2e6760401413e6daee4d4ee13a5205256553b1

  • SHA512

    b0692d77fedb5789a5602420e85a2e4bb6c4cda4ea5d0e4ecfe2b1dd2844a28dff5c6a0537187f9269bbeefceb199a3bfa4867f41ca55107362c450ecb9d0e2b

  • SSDEEP

    6144:VoBJ469J803mzXLavaHWydKiztOdIRzduOqPxPmMoemVdDq:VoBC6uiWZ5zt8IvuxeM5mVh

  Score

  10^/10

  gozi_ifsbbankertrojan3004persistence

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2