General

  • Target

    INJV2.exe

  • Size

    12KB

  • Sample

    240509-x2vfvsdg36

  • MD5

    f919eff1df3e3bc2894a77a603a1c12e

  • SHA1

    aeba53afc8a9d3c9766e967b9b85adfdba0aa4b5

  • SHA256

    aa4ee47c8ab931a02915fbede23a34ac01e653d9e64da989e7c59e4226a69f06

  • SHA512

    b3b5e23e0b4a6b583a0e03403739572da7f12b6270970b749114924251191cde83e1c711461b39081117e4bfb343505ab57247f1a918564cde646f50375718ba

  • SSDEEP

    192:mBZ+wmRp6Z4g42uX/z47EPvlYLxQt+9k1YbAsVV+0h8J1keM:mBqEN/c/zkJLWQoYtv++N

Malware Config

Extracted

Family

gozi

Targets

    • Target

      INJV2.exe


    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks