Extracted

• • Target

    d5e3e6ed502bf58999269571bbbe943c4d15d9ca543dd234920b0a042f1cd040

  • Size

    163KB

  • MD5

    4269cd2f61df1ee690e534dfad0e7a01

  • SHA1

    d4dfeafeb7e82008bee512b3646afdc1e733b505

  • SHA256

    d5e3e6ed502bf58999269571bbbe943c4d15d9ca543dd234920b0a042f1cd040

  • SHA512

    33b233a3384c7661d4f29b531f8865d53fa3c12a76a5a64f8c490c2d702ac32b04a5289550cb4680f02958f8cc73e4d7a867d5b5c5405e97294f64f4378d203b

  • SSDEEP

    1536:PPe7FVooFSOWUy+0MyK3wdsA9lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:CFmqyRjK3w2A9ltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2