Extracted

• • Target

    a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

  • Size

    163KB

  • MD5

    ab894ae55ae593d835d947e18a9bd001

  • SHA1

    65faebaf2437352bb4a74f627a4a6a00b5942265

  • SHA256

    a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

  • SHA512

    cbdabecb433f9b5c2c305268ca937654b04eb241460b1240ff366d125ce1cc2dee7b70c87de4720d31a40ab6ae0747fdf9b6ed1dc695962f075ed6e022f8fa03

  • SSDEEP

    1536:POO29YX7ywR/ZWVRzb1SQn8lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Ngsf/ZWV3SQn8ltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2