Extracted

• • Target

    27e7b1f86ab33fc5d848cdcdf3ed40f0_NeikiAnalytics

  • Size

    163KB

  • MD5

    27e7b1f86ab33fc5d848cdcdf3ed40f0

  • SHA1

    dbb4671ed906ae1ff6eb95f90ca36dfbe9a16c70

  • SHA256

    dddc52f6c350cade4f8ac54cbe222a12705d7e3d342ac3d4a772a31ae8f194e5

  • SHA512

    5fb504828e9f006b069f453265ddf806dfcb1599b6c9fbfa8889618de09ccbe9faee8807f27c50b8bb868121e0f5ca85f55e01831219a7ad2f3beb465cd529b3

  • SSDEEP

    1536:PXuzYmpvqAH8FNivVDsYRDFyQGlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:OhqAH8XivVDnyQGltOrWKDBr+yJb

  Score

  10^/10

  gozibankerisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2