Extracted

• • Target

    28c49eb4f2dfa09ab41ec5ba7fe96eaf_JaffaCakes118

  • Size

    539KB

  • MD5

    28c49eb4f2dfa09ab41ec5ba7fe96eaf

  • SHA1

    e28d4cb57b9836d29e324d9e51692b84a50a3ca5

  • SHA256

    eb3e91eb6062ab5dc2682efa3d6485e13745426d5c43c0f8c5da34d85419f3bb

  • SHA512

    8d95224a8561d0f5ff4f270447b1c392dd41ee5833dbafdf37b3e8412e3bf7c61bc74c01a789dd92cf7173995698a7cf3ad1a643f8fd2dc4a99d9a4944b30c2f

  • SSDEEP

    12288:vdnBNl0RtTNxfSiCjtFYS9ief6JsYVtajaxIABxnjG8oi8WrT:T0rTNpSJtFTNYV4jZABlG8h1/

  Score

  10^/10

  gozibankerisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2