Extracted

• • Target

    3e2d2bf3c03a322a165e8c2fcd2fd31bc944e241c3744fbd6bc0337e77e9a8e5

  • Size

    163KB

  • MD5

    eec13488ff6b98ebafa898f70bc85d6a

  • SHA1

    b8bcecfaab323cc5f9fb3174f1d2afa9cbcdad90

  • SHA256

    3e2d2bf3c03a322a165e8c2fcd2fd31bc944e241c3744fbd6bc0337e77e9a8e5

  • SHA512

    15556b07d93aded6d75c27a343c2b4715bda0fbe28bd6252ff4bae3c502b507c7ef05bd018aae19a135f6862c4d949a23f322a03e76f3b4098f0b78fb0592a2e

  • SSDEEP

    1536:Pyyd6ZaMiegfwVADd/xecuhSSwmwGy1o+eVRhyFelProNVU4qNVUrk/9QbfBr+7g:1QaMi9igC4veDoFeltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2