Extracted

• • Target

    2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

  • Size

    163KB

  • MD5

    aced590fe183b53eab11373386804861

  • SHA1

    f8e47918d7658e43704dbe77279217a404fcec87

  • SHA256

    2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

  • SHA512

    f6534dd8680c0082c5e0b857ac5327a1841a81869c41b94bfbc4b14ac87ae28c3d5ced1a06356d88e00193a7307dcccc6b61fbfdd6dc994f4be2dc3beec8fee9

  • SSDEEP

    1536:POH5lTJMcrqUG2aUl4klProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:IegdHaUCkltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2