Extracted

• • Target

    Backdoor.Win32.Berbew.pz-f5a411313b9ec1c69fcc8f69a58e02fbe22425beb52a68f6a274537bf427732eN

  • Size

    163KB

  • MD5

    f2e970f9f9839dd73c5b215a4c4f8bc0

  • SHA1

    0cbbbddf2ce3a8d3ce6fc619588958e4322bb7ea

  • SHA256

    f5a411313b9ec1c69fcc8f69a58e02fbe22425beb52a68f6a274537bf427732e

  • SHA512

    f2e92da2c17f3369093bc39f201c4847fbb9e0845be9bf3fdf6efc0bf74f3fc56c588335a1d3ae3a7a355d9386233a4704141c29fb21dd9bf7663a6f37e94b57

  • SSDEEP

    3072:N6eWi/uR977eWStv4H47Bo5ltOrWKDBr+yJb:tWlk7Bo5LOf

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2