Extracted

• • Target

    8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

  • Size

    163KB

  • MD5

    d0578f12f8eab8176d04e5d2bff8b7de

  • SHA1

    3252372dc1908a52a38ea37f4e303b1b811c84d2

  • SHA256

    8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

  • SHA512

    bdc80e179b311e43a75184b95d8161934b70fdd8293e40d1262f1308353dab991a82776136d6cf220def233a9c2d7d0293305daeb2721af59fa7ff01f0ab0df4

  • SSDEEP

    1536:PXJ5egZM8e6jiHpCTVYfiwe9b+6a4KZnvWbqbjlProNVU4qNVUrk/9QbfBr+7Gw6:PS1ZnjltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2