Extracted

• • Target

    1064209b82e6125f69c084040f0b6974318e4177827ee3aa0677854f3b9d6ad9.exe

  • Size

    3.0MB

  • MD5

    da71f21e17cbdbaa61559208f749b05a

  • SHA1

    25bbda63d584499839fc74176347eba9123a5aec

  • SHA256

    1064209b82e6125f69c084040f0b6974318e4177827ee3aa0677854f3b9d6ad9

  • SHA512

    39af3c295fd18e912f94fb0547204f0007c1aab60086f0f087eb0a68f37027a8587b5c229f497a1383d1b1ee813bb27f7960de8e65e088e8ff4e2fbcf2b88815

  • SSDEEP

    49152:NM6QvSFjoSiwYdqtQwx4HIkfBusKoXMhQqcZocr9ZRKDW9YMNf0P0ZUKLo/l:NMFwESiPd+mok6hQroCKDWWMxUKLo/l

  Score

  10^/10

  gozibankerdiscoveryisfbtrojanupx

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2