Extracted

• • Target

    20c87c0869153b17ff926fb0103befa6e8e1944c721d4a7e6e7cab19bc4db631

  • Size

    320KB

  • MD5

    b0f2498a87a90b1c6bd29584e7733183

  • SHA1

    fcc8cf9877c800fb2b1c798e88450964d1c2c742

  • SHA256

    20c87c0869153b17ff926fb0103befa6e8e1944c721d4a7e6e7cab19bc4db631

  • SHA512

    c6a5716e7a48166bb810ded0f15e8be7af1addbf00a868cbb544de145cbef2fd81e25a37b019a4e8ff720e8c9d62882b8d180d771f05d508763fab07c36cd92a

  • SSDEEP

    6144:NIf+UC8w6ZiuSsVQ///NR5fLvQ///NREQ///NR5fLYG3eujj:KfNZY8w/Nq/NZ/NcZq

  Score

  10^/10

  discoverypersistencegozibankerisfbtrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2