Extracted

• • Target

    ec3539b7684af7a8a5c9cb41f8a1acf0N.exe

  • Size

    163KB

  • MD5

    ec3539b7684af7a8a5c9cb41f8a1acf0

  • SHA1

    eff5778a5c7502ae6555149e959f13faebd91006

  • SHA256

    4ab0b58f14a559e2a5add8766eecbe83f32654f9a31c4ee5c85d56ac21030276

  • SHA512

    8923b35be2c370d14d5943405baf119fe6483e9ddc5492319b20965d8b1202a3194df7084d64e8bc2714dc61e8df217875987c76f3009d2f4a40f23df012872b

  • SSDEEP

    3072:k+YAouuRzVd9WOc9IjFspeS9FW2sltOrWKDBr+yJb:k+YAgzVd9WOc9IjFs/FW2sLOf

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2