Extracted

• • Target

    dfca89ecd792f95f408b8ca7980e9070N.exe

  • Size

    163KB

  • MD5

    dfca89ecd792f95f408b8ca7980e9070

  • SHA1

    2655bc6b4c0a395191d061790ebe2c10359162b1

  • SHA256

    ed9b8489ff343575b1322549555a0a5228c811378a6926ad928c159626619abf

  • SHA512

    3b74415ec6c392c689dce754df3efe3469291d6af59a635006ef68045e9e3f5cc54b05ad2c7da54ff103423675749fe9733e7556da1c411b89d9912a0e7a9bbf

  • SSDEEP

    1536:P53VezWf0kb+5LccoVflProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:mzWfMvAfltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2