Extracted

• • Target

    5042c1aad44e3afc00af9eb2cc33d1aaef6b7d4cc305cb6476246f4c76023c01

  • Size

    163KB

  • MD5

    bb0f40c268e4a432d7a2aa975fcb6699

  • SHA1

    074d9f623ec4dcc8629e408e2d574eaf382c0904

  • SHA256

    5042c1aad44e3afc00af9eb2cc33d1aaef6b7d4cc305cb6476246f4c76023c01

  • SHA512

    aa12eb0dd6ba3dfb471635f3511f3a434dbeb95a46cc3b9944b0fd3045cd9fa85fbcf83acf970d5a42b99fca0dfae1c196c518c36dab79ce3bfad4be80b36c4e

  • SSDEEP

    1536:PT7F9FrPa6uMah0oCl7eJzQlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:ZPafMah0oi8zQltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2