Overview

overview

10

Static

static

ewgr.png.dll

windows7_x64

10

ewgr.png.dll

windows10_x64

10

Resubmissions

03-11-2021 15:58

211103-tevassebf4 10

02-11-2021 04:23

211102-ez9hwsbfd6 10

02-03-2021 13:16

210302-qalv52kwwj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ewgr.png.dll

  • Size

    646KB

  • Sample

    210302-qalv52kwwj

  • MD5

    cf24c392a94a9bd8f381f0de2926a4f2

  • SHA1

    bf5ba2b5f9062b1a99797b593e378a1e59faa142

  • SHA256

    b4f98cb2d21258819d8678c29486a2e7854d576efc28b58d930551ca5aa24f20

  • SHA512

    ef2707615abb03cdda353d1ed081814fd77b0af78315d410736bb5e989d42f634c75f876c062254c25ec96e5b7fbb78bf41c7651cbd7d2efa68a49de61848ec0

Score
10/10
gozi_rm3201193209bankertrojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

201193209

C2

https://binobin.xyz

Attributes
  • build

    300932

  • exe_type

    loader

  • non_target_locale

    RU

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      ewgr.png.dll

    • Size

      646KB

    • MD5

      cf24c392a94a9bd8f381f0de2926a4f2

    • SHA1

      bf5ba2b5f9062b1a99797b593e378a1e59faa142

    • SHA256

      b4f98cb2d21258819d8678c29486a2e7854d576efc28b58d930551ca5aa24f20

    • SHA512

      ef2707615abb03cdda353d1ed081814fd77b0af78315d410736bb5e989d42f634c75f876c062254c25ec96e5b7fbb78bf41c7651cbd7d2efa68a49de61848ec0

    Score
    10/10
    gozi_rm3201193209bankertrojan

    • Gozi RM3

      A heavily modified version of Gozi using RM3 loader.

      bankertrojangozi_rm3

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks