32b2d32af004b6039b73f4ccd73df2bafe7a0343

General

Target: 32b2d32af004b6039b73f4ccd73df2bafe7a0343
Size: 539KB
Sample: 210205-lmm8e3abda
Score: 10/10
MD5: d31c0491f522d6b9f2102109bd2420af
SHA1: dc1cccf0e43ec5a68326ae4faf1a8cbc5ac00708
SHA256: f7c79c0c3feb7c0032424f5f6a9bcdf78d1815ee53f807cc192c2c1f8f21270f
SHA512: 48d659660654800da4eb3909a06572dfcf5f05ebdfb8629fafdfeab601673e3377d9a3a241f4bd36c3f4f912ac838dbc73926f734bfa8a76ec43fa726b28c3bd

Malware Config

Extracted

Family: gozi_rm3
Botnet: 201193207
C2: https://topitophug.xyz

Attributes

build: 300932
exe_type: loader
non_target_locale: RU
server_id: 12
url_path: index.htm
rsa_pubkey.base64
serpent.plain
Targets
Tags

Signatures

  • Gozi RM3
    Description: A heavily modified version of Gozi using RM3 loader.
    Tags
  • Blocklisted process makes network request

Related Tasks

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10