Extracted

• • Target

    dee9d4ccceb51b090da0a48609be47a0N.exe

  • Size

    163KB

  • MD5

    dee9d4ccceb51b090da0a48609be47a0

  • SHA1

    8526f7dff79fe6b27aa3e7861548dcc113a1f8a7

  • SHA256

    a9ed6c707a0e74c2cc0558b0569454b5abb88174be351c891dd0cfdac788c790

  • SHA512

    b375aa63aa4a3cedfaa6f88845494dfecb84a1d66bf53ca0cb45d2a9218507fb85358494b3acca505d00d8470ff8628f60a9f06846bd5605edfe237e2583d5f9

  • SSDEEP

    1536:Pdr9Z0HUjpatZJBA1U+je7LGjzlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:V9OUMLkDjzltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2