Extracted

• • Target

    3109929759f9692a5ba915d95a4a7ab44e6e63fd70501a8a8fb1353d81cfd349.exe

  • Size

    465KB

  • MD5

    b83dd5aaf32a41268e3084ab3becc916

  • SHA1

    98d2dda31906ad54869b443c9b5d3faf3cec4522

  • SHA256

    3109929759f9692a5ba915d95a4a7ab44e6e63fd70501a8a8fb1353d81cfd349

  • SHA512

    564a56d5cc7a7739e1d96f7615647150b4231c86eb7891e79e56049f4b59f842233601bd300caee586f1a0fc122de09e0d66c5e16e1838def0512c9534ca2423

  • SSDEEP

    6144:Rb84Tl/Lu3njPX9ZAkvntd4ljd3rKzwN8Jlljd3njPX9ZAk3fU:RtMjP9ZtVkjpKXjtjP9ZtM

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2