Extracted

• • Target

    d59e7f2e3257fc708af0b90e91462efc2b6ca885af5c6f6dfe473a5fa412a6eb

  • Size

    163KB

  • MD5

    ced3ed83128696c16eef4c0e8b87b972

  • SHA1

    b5fbdb81356088a7ad2c43429e39a03577f4079a

  • SHA256

    d59e7f2e3257fc708af0b90e91462efc2b6ca885af5c6f6dfe473a5fa412a6eb

  • SHA512

    4297de45b31d665a18c39cd244855d2fcb21378ab432799b2c371d5bea66d98df6c66df51275e967f4d0c61ad94b788f2b72135fc6f06cbd907b012a23d0c4bf

  • SSDEEP

    1536:P3McDWqgZfhfAXBT4EwY8TJlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:+ZpcTPw9TJltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2