Extracted

• • Target

    fe8409db4fe24a1e47503ff3c270a6d0N

  • Size

    163KB

  • MD5

    fe8409db4fe24a1e47503ff3c270a6d0

  • SHA1

    c6f43e3f1fc5269c71e18b12401d5b9d36f8cbf2

  • SHA256

    5ab48a0bb3dd83b59f8b217b8bd62ad9acd6263230e96d615e8fc8af574598e4

  • SHA512

    d4c0ab9bb875a2784ea8ee0f1e82ae736c010452c01c86d67a691dfa29365ed0f63d550a9621a89f10f7d1b89202278e96a43a47fbc7b45c9fa510b706b9dce6

  • SSDEEP

    1536:PxiCt/O0LHAkI0Ljbaq1KSlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:YCtXLHAF03bx1KSltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2