Extracted

• • Target

    cb0be58d4aae844af1205b945dbde560N

  • Size

    163KB

  • MD5

    cb0be58d4aae844af1205b945dbde560

  • SHA1

    d70208e26c03f3da030e5edc333acc0f243faafb

  • SHA256

    efffcdc792ea9225dab82ab47a018714fa46c8983cb1fb494322b665bf853190

  • SHA512

    b0f746d3a6dc4f4ec394383305892996fef25b03b427940b15f59cb5421e1ead0aa457166ca93775f000e9269b207f4353c03b516024bac18c017ab3d640878a

  • SSDEEP

    3072:3cir1k7DWIWGAL1FEx+ltOrWKDBr+yJb:/mOeALDu+LOf

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2