Extracted

• • Target

    e3e854c21e9947d39c88bc0cefc4dc20N

  • Size

    163KB

  • MD5

    e3e854c21e9947d39c88bc0cefc4dc20

  • SHA1

    4761f867d485ab1cfd5a4762a86bada84c95c4a7

  • SHA256

    9042e9c70221e553f74827915874d9bd28b2c40cc520507f40038673f5653f0a

  • SHA512

    00f4bbad593c6abf5192e479c979c4827492eab02a68c09d7a46a210272542a58d58e878a40c6ee33678d76e672fa38b1d4255a2d65a6cdd0feb24af008f31c9

  • SSDEEP

    1536:PERyEB/6UaMBdYlOzzinpsGFii9G0WlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:vEZMYSpFFiHNltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2