Extracted

• • Target

    7683cef6ecb5ad726f15c53143c1f2e0N.exe

  • Size

    163KB

  • MD5

    7683cef6ecb5ad726f15c53143c1f2e0

  • SHA1

    5915fdb38628715046f5fb60781edadb0996a1e2

  • SHA256

    c3f8383d75c9393c71a18763eb77fdd18675b1c8d7fa7e16bb8c898d907d39dd

  • SHA512

    6b71d4fd3cc7eaed42c74e9f0818be65538eb7ef6049b4f8b7a51fa5aed623359c4ba81d30f5fae8ac37e2a93795144cc11bda0c184faeb76fe43e8aca1a5b11

  • SSDEEP

    1536:PD3RQqMxC4F2/9vnYzyOl16WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:fMxC4F2/azyOlQWltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2