Extracted

• • Target

    e917bae4efa8aac458c1019decadc35917299e62c6e42decff9049679ad0b1ab

  • Size

    163KB

  • MD5

    8b7633fd6e9f108268d0e03b83812a4c

  • SHA1

    b1825749b2148b2caf3a957abd21af36577a76cf

  • SHA256

    e917bae4efa8aac458c1019decadc35917299e62c6e42decff9049679ad0b1ab

  • SHA512

    744ee1d487c046b165f0070f3c362032810700e3a8de7e4eb5be01675a249cf52c2885b4ee5ff5eeee806c4ff7cff03a1fc366a9616d1b77ed36b5f80bbbcc0b

  • SSDEEP

    1536:PPE+OqMzk/EHNvbRtRZWebhI3MTl2XlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:k5qMVH/tjWKj2XltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2