Extracted

• • Target

    d51d44aa4ce3c727ef9b2abacbb7b5b0N

  • Size

    163KB

  • MD5

    d51d44aa4ce3c727ef9b2abacbb7b5b0

  • SHA1

    da1127b8cb998a8ef0987cb93452cef82c821969

  • SHA256

    cc3bd5614f257e64203b53202e3d4d87d2444b1cc9bd4fb7f0cffaffceef4afb

  • SHA512

    c2924ddc4044359d20cb7deac2e9ce84dd22f8aef01546297c17238f7e8788c24c71d0fd7a9058cbd592c9b53ea4c1159c6607a5c7913c0b432fb74db65eccf1

  • SSDEEP

    1536:PTXZfGLNUVPQP53KYneQ5QBYfdhlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:DZi33ZnehghltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2