Extracted

• • Target

    78ad6d8362b9c2c59a227c4215fc2b60N.exe

  • Size

    163KB

  • MD5

    78ad6d8362b9c2c59a227c4215fc2b60

  • SHA1

    03b195ae246f7c332535d72d35d6bef9aee45aab

  • SHA256

    0b221d6bae6caf3d93b7bc866c41caf651837fa79e9677de4ea6630253383f75

  • SHA512

    dfb9479898e092d1a5be169df90d094d0e919a410d52c6d13dfc638c5f050bdbfbc55bd40413a3d3b4350272c5946e868791986e3790b8706c95f9baf5186746

  • SSDEEP

    1536:PNmK6IYq6xynaQN/2M/Rx1vAKYZlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Qdga6/2M/Rx1vAKYZltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2