Extracted

• • Target

    a418c6f5f97f8d1f96808ad21b1ae53ef35ef75f5cd70207c146b1ba82c54449

  • Size

    163KB

  • MD5

    b27444a7afa3670a9e3c9052c8e231e1

  • SHA1

    78061baf7a7232630fdaa2e27731f40eb8863345

  • SHA256

    a418c6f5f97f8d1f96808ad21b1ae53ef35ef75f5cd70207c146b1ba82c54449

  • SHA512

    7047ab97a990b7a2b99af5ed43e5c1d553e820fe115b821c9109ad7095d5399ce1327b805b25db98a633177667665f6cac7bbb6f86ff5a4b0496ed7d27852ea4

  • SSDEEP

    1536:P+dmL4aNRVm5IdVMI1cbj8UYZ9GDMEB40OllProNVU4qNVUrk/9QbfBr+7GwKrPb:2mPndKHbjQ9GdW0+ltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2