Extracted

• • Target

    fce1754a2b4be2596a3cd9cd0b8257a0cedb05df87bfbadbf5101d3dfe9ce1e1

  • Size

    163KB

  • MD5

    b969c348d8adfaca5917fb8e710790ed

  • SHA1

    1c9df027c495aa5937ef006ef45591052b1183a7

  • SHA256

    fce1754a2b4be2596a3cd9cd0b8257a0cedb05df87bfbadbf5101d3dfe9ce1e1

  • SHA512

    a9928ab298842e7114ced3ca9950df0a6e6bbf63d8d2645de69813543a613ddecf736bd671fa3a3d6c8cc9726896cb3b717d3160f2fdaac9a0498e1240927683

  • SSDEEP

    1536:PC9mcI7yFldlyaaHHsktY9CttfrlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:aYcGuj+MktGsfrltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2