Extracted

Extracted

• • Target

    7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa

  • Size

    318KB

  • MD5

    46942efbb2747e803d2932fc79cf0a25

  • SHA1

    f6587858ec53242f603d4f61e9f61705ad9f226e

  • SHA256

    7e7e6b550a1cc8625016814e24780eabf42b96a6e9c7914a051631579c8ab9fa

  • SHA512

    fe3e9eaae8a4b7f9d524fde2f947157dff4307601358d612e8e3be5f18997db14569825cb52c4b2b3299f4567cc905ab1c58978b266903722e687f04cf1c7f8b

  • SSDEEP

    6144:H9NX1icUq9uT3LngX1O28KS4xQ0ys8DP1LR1DLO9k80PCpCos8IGH14jlCqZgc:dNX1pUbLC1ZTS4xgnNDL3apC78IG8lCe

  Score

  10^/10

  gozi1001bankerisfbpersistenceransomwaretrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Modifies Installed Components in the registry

    persistence

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2