Extracted

• • Target

    dc6b1793df34f80670bef07032254ef7eff26912c8ad43ef4521d3f200b70319

  • Size

    163KB

  • MD5

    ba123dc52b41fb93fe799492acc5c5dd

  • SHA1

    3aa8dad8636f853a9422470fdc5c638aaffa981b

  • SHA256

    dc6b1793df34f80670bef07032254ef7eff26912c8ad43ef4521d3f200b70319

  • SHA512

    75697e01fc0489f3f5b893132e43032b5d57c0fa5e15d546372efc35735f2f131deed4f295650fcc8088c86015c2dab3911c5c21df5002a4dbbe4ba5957a7b54

  • SSDEEP

    1536:PraX/gtMEUBM3cM7zQFxSj/RQRyw0Js0S73EeN2olProNVU4qNVUrk/9QbfBr+7g:DaEaCTUu/RnSjExoltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2