Extracted

• • Target

    405dab220cc88467cef7373b1c20b37a1151f5246139791bcf2753c9c095dc55

  • Size

    320KB

  • MD5

    541c76fadf831e71be3ddb1c0f8bb634

  • SHA1

    26fefd694e1569b403493781c70c73551f3eee65

  • SHA256

    405dab220cc88467cef7373b1c20b37a1151f5246139791bcf2753c9c095dc55

  • SHA512

    14f2b1baf74ce850eaa75e01065641e7f4ac3444fe8a90b7ff1e55d689074099e6cbe18fe65e6354fd8db19df5fde647d5d6acec55dbf3f600366885aa7fcb46

  • SSDEEP

    6144:RgQ1413TsVQ///NR5fLvQ///NREQ///NR5fLYG3eujj:RV141Qw/Nq/NZ/NcZq

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2