Extracted

• • Target

    f7ebd27e0815f37a1b808e1136b41e50N.exe

  • Size

    163KB

  • MD5

    f7ebd27e0815f37a1b808e1136b41e50

  • SHA1

    d3dc1fd2c1b208483fa0acd25cbb61bf1d9e6161

  • SHA256

    835eab87d5e60954a6c4000ca4fc443b3045b73ac7e2ecdafc5f565937132205

  • SHA512

    51a1d7d13d201298649aeac3aedfa3fec36e5fe9f11b7b651f4e47776455e2e17bd4e050373424dd1472b45808d6b83c6aa568752cad5fbcfa1c8370776a2617

  • SSDEEP

    1536:PdY5nEea01cmUdrfqMSLVklProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:VY5nJVKrABkltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2