Extracted

• • Target

    edf38899a1dd1c07b0e393b191732ca74f8907ec54aad5b522ac40cd06f68d75

  • Size

    163KB

  • MD5

    dbc19845956f64fbb316e1217fee0b17

  • SHA1

    ff23dd6727ccf005173a842a2f45123705019ed5

  • SHA256

    edf38899a1dd1c07b0e393b191732ca74f8907ec54aad5b522ac40cd06f68d75

  • SHA512

    b03015aecc8260fc527d26d95ef83944e53da5a8e574f5e9636481303417e600fc913fc36f2718026af8b04f59a876dfd41facf48c0e2b3ee47fabd1176d4792

  • SSDEEP

    3072:SRnKeqQ/qXPNmlFVr6L7jltOrWKDBr+yJb:whGslFg7jLOf

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2