Extracted

• • Target

    53779f65a2adb441727ec18b961a8e289a80f7a339a6aaae2ae0c7348d845c3a

  • Size

    163KB

  • MD5

    86533bb284f0702e43f72deb88e778ff

  • SHA1

    46f3c1509c3c820416be1331c1dd8460964bbcb7

  • SHA256

    53779f65a2adb441727ec18b961a8e289a80f7a339a6aaae2ae0c7348d845c3a

  • SHA512

    d42547acce9fc382349a97e89b29fcf23623e9f15996e7505875fe979ad98cc9532eb02438d19c83736c7661cabb170ccdd7027b07865ab7b3fe1d52c4c3fb05

  • SSDEEP

    1536:P6O+isGIIv9amW7WggP0U2mZulProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:COJQmW7WgRc8ltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2