Extracted

• • Target

    52137a6b906b5456fed18984d519a10605d1f3a04ff043385a5f6097126f9d37N.exe

  • Size

    465KB

  • MD5

    307b84c0d832c64dc6a1a868f90496c0

  • SHA1

    ddb94f4130f3266ad999e1cc9ee3adcd416dce77

  • SHA256

    52137a6b906b5456fed18984d519a10605d1f3a04ff043385a5f6097126f9d37

  • SHA512

    34c46e20c07063e57204f8498bcccb8cb78f415a2096492c1e3cef7c90ae02601dac3c2cf1249a94a6f90a24cd4d9f6ddd7cd396fc2b6925d5082052e60bf820

  • SSDEEP

    6144:bv8V7HIyc5bHu3njPX9ZAkvntd4ljd3rKzwN8Jlljd3njPX9ZAk3fs:gV7HbG6jP9ZtVkjpKXjtjP9Zt0

  Score

  10^/10

  gozibankerdiscoveryisfbpersistencetrojan

  • Adds autorun key to be loaded by Explorer.exe on startup

    persistence

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

  • Gozi family

    gozi

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2