Extracted

• • Target

    c2721712884af79b3925a9461b6956ba_JaffaCakes118

  • Size

    502KB

  • MD5

    c2721712884af79b3925a9461b6956ba

  • SHA1

    5b16851628134c8fd01f3b0a19c98ab24c9e036b

  • SHA256

    1829a6442112ad58298059ea9ccfe9bbaa12de5465c5ad28a15009e1ee4552a1

  • SHA512

    df29f587c3fa46a4a2312ed336b2f5f184dbd2f7cd69073e9c10b0876d2151effd25494b2d8ef326967ab74b2cd156969009998a33e61157ec2c79663d7e9487

  • SSDEEP

    12288:6OzvBPEuLAOOxsgfj40bDKg0m7t4is8jYar:ousO+RDKgJBnsgYa

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2