Extracted

• • Target

    8541c3e5a2fea353fab1657575993319_JaffaCakes118

  • Size

    534KB

  • MD5

    8541c3e5a2fea353fab1657575993319

  • SHA1

    95383648af291e339dfa628a3950686e822e93d5

  • SHA256

    4897564a8c3fd201eb272b044f8c17a2518e6cc10fa6d1bbff806b4f012805ec

  • SHA512

    0ce82bf2397186e93d1f5f0f66576536dd66462d940b781a8e0f0e52041d3d3ca604dbfd15a3c4ee196780ecf23d9145edb997d9927a9f2261aaecb305ab7fe4

  • SSDEEP

    12288:8urQ2eY45lYMxuqLOjy9lmbCKyBXUe7S/kVpprgPs:nGlY8xheO/ke7SaR

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2