Extracted

• • Target

    d0c4bfbc0767fa2a211c715578c012b0N

  • Size

    163KB

  • MD5

    d0c4bfbc0767fa2a211c715578c012b0

  • SHA1

    f2dd7cfadef5d57f39c49334413c4eb727ebeee4

  • SHA256

    4fad88ac2fb73bc8ea90f6f281a91cf3ef02089dc4c8d67cf0514dc244faee44

  • SHA512

    50457c1e1f957cf90c35190bbd005e47e02b3fed67b2994b9224f7dde6cf366a79f45792c4c234e1f6f9ae17a495a89c2d14d74c59192141134b1e561701adc2

  • SSDEEP

    1536:PxkbEMpR8KULVbuvvAJe9pBGlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:pkAORsVbuvvAJ4pBGltOrWKDBr+yJb

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2