Extracted

• • Target

    e4b94c435714fc86747494400f1c26463a7fd636b176a0aefdf2477e43a8df86

  • Size

    320KB

  • MD5

    dcde67a3ed1edb41d299a8994fa05323

  • SHA1

    4ada52fd66c575786ab8bfe89682e65c861be500

  • SHA256

    e4b94c435714fc86747494400f1c26463a7fd636b176a0aefdf2477e43a8df86

  • SHA512

    ff90c504b6116b7bb0515e33ed17d1edb3e03d7a61b2021005dca7df0130798c83e83da3c1f6ab7d60696b55419be9f17186f23af50f98dac0a6f000cf20a811

  • SSDEEP

    6144:gNpxEH1sVQ///NR5fLvQ///NREQ///NR5fLYG3eujj:/Cw/Nq/NZ/NcZq

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2