Extracted

Extracted

• • Target

    0x000e0000000122f1-58.dat

  • Size

    37KB

  • MD5

    b7ce4f9f6ecd85bb5edbb6964226fdb6

  • SHA1

    12b28a42e960dfc522348eba37b00ea74a0df527

  • SHA256

    bf5845a6b0df356338cc4ae53dd2cdefcb114bd95f351e55fd430cee5408ffeb

  • SHA512

    1f5588d5b0816bbfc51394f434a9a80a96c68b66ca86a6a3cd53d64bf6a63751902c5f782a15522749231022c2695c6df7fbc604ae1d242f21554269f6d31e86

  • SSDEEP

    768:7QLm41fM01vAoyRdq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuU:7L41fMSvVAdqlaPGhVMq2LpeReOb2Pmm

  Score

  10^/10

  gozi_ifsb10103bankertrojan

  • Gozi, Gozi IFSB

    Gozi ISFB is a well-known and widely distributed banking trojan.

    bankertrojangozi_ifsb

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2