Extracted

• • Target

    05699af228b613aba27df056ea544530_NEIKI

  • Size

    163KB

  • MD5

    05699af228b613aba27df056ea544530

  • SHA1

    16e21ff9b64981df8f5dea096b98e4a84e36eca6

  • SHA256

    347c139624582b71cee225bd40f16dae2aea8a50fc2bbfedbb772e6493260535

  • SHA512

    fe51149082e71e977196a90c02022d9e91dc7b93173fc3a2c217e2983110328cc7ce5c248e3944dfc5fe0dd8fa1ea3fae8191872fecb08d92ee7958843f349e0

  • SSDEEP

    1536:PsasWvVnJFs1SP2k5CGwNzqo8lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Uajv9JFsEPD0Gmq3ltOrWKDBr+yJb

  Score

  10^/10

  persistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2