Extracted

• • Target

    9e31623e67d521d67013947df082c2b0N

  • Size

    163KB

  • MD5

    9e31623e67d521d67013947df082c2b0

  • SHA1

    6e0508cbee380ea4de229b1bf1a70149be08cdfa

  • SHA256

    50637299de14c3f5956d434750acc0c43129cdcfd20502308cfac5c5bafb9f46

  • SHA512

    5c0b17fa69f8c3708c556cfe55c9392b2ddae6bc4a7962ec75983e1a4784d51f47e2458471e4af75f377750c6ad2502c068fb9674ea9a67d02cc76604f495ea3

  • SSDEEP

    1536:PPQ5VgiZOZyE1FNLIHwLfI4OzA4Ll+FSax8FDyClProNVU4qNVUrk/9QbfBr+7Gh:Q5uFjE8KegDyCltOrWKDBr+yJb

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2