Extracted

• • Target

    bb02dd9aae8803ec66d22b3bff153fcba2127bc192a6cdafdd07a22ebea94a02

  • Size

    163KB

  • MD5

    e896d199a23f63b7ecc7fa88a152d541

  • SHA1

    91c8123868a557f69173f070935e95450e06add9

  • SHA256

    bb02dd9aae8803ec66d22b3bff153fcba2127bc192a6cdafdd07a22ebea94a02

  • SHA512

    a333d1bde3413272ec85213b2e71053e5cd093feca13169324d5faa8e8de00cb22c57ddad33aecd40222513243aca6932d6b763705e03d9519a2eef2201a6b19

  • SSDEEP

    1536:P6X1m4ROczpATL+4BT0sDRo/clProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:b4RjpI1T0sDRGcltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2