Extracted

• • Target

    52bf8f99df08e3ccd3d1aab5515aa840N

  • Size

    245KB

  • MD5

    52bf8f99df08e3ccd3d1aab5515aa840

  • SHA1

    6a7dc0eebcfb831752fcea9f9931d5a318e91431

  • SHA256

    b08bacf9bc69c96c9d0bbf87ec2ad1c29a8dd784dbec1cb3bb93d635bf1b6493

  • SHA512

    3d2fb76ae650fc287d968c3152cd6c5245c13e151c09251ffe71c4cc5dc01fb2b6326e883a7f3e47d748cf6c3806fccb8683f6106ce44559918e5081495a20df

  • SSDEEP

    1536:xS4Dea5aIhsbJpf1yqY3yqUml2qS7Oq/4cXeXvubKrFEwMEwKhbArEwKhQL4cXeV:xprajH1gyqUml2rOqwago+bAr+Qka

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2