Extracted

• • Target

    25398d4298dfa4c2db7ff23f31b7f2801c783c6c3eb7238237cc6ab5512ebb2aN

  • Size

    320KB

  • MD5

    67f431db35e156ba80f45c4dfbf0dac0

  • SHA1

    c87f9a53e5c7cb596d6e5bdfb417a5597903a79c

  • SHA256

    25398d4298dfa4c2db7ff23f31b7f2801c783c6c3eb7238237cc6ab5512ebb2a

  • SHA512

    9dd11e4304c4eb8ae0e81dfca1d48afc8a6e59edcec6635d9cc974d90919bb4adb4d26b471cd595b2dbd2d953d5a420ce8652efda973acd662eaff3fda15caea

  • SSDEEP

    6144:kPT7VVsVQ///NR5fLvQ///NREQ///NR5fLYG3eujj:k8w/Nq/NZ/NcZq

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2