gozi_rm3 | c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa | Triage

Resubmissions

09-03-2021 16:09

210309-7n13ybp6e6 10

13-07-2020 07:31

200713-tk9e1ynrne 10

Sharing

General

Target

1844sase.exe
Size

332KB
Sample

210309-7n13ybp6e6
MD5

51373389a8df39b4101b69346e3ba336
SHA1

022acbdec0f0fa53874aa959dccebe107d6b871f
SHA256

c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
SHA512

d09efb3f00adacd97a46d9bbcbb9b0c2b7a78db66ad57e9491f8ad73d1c5b242b5e4248d61254058123e0d795dd95a7560cbb73252872ff2ebd79ace58f843fc

Score

10^/10

gozi_rm3 92020291 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

92020291

C2

https://vilecorbeanca.xyz

Attributes

build
300913
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  1844sase.exe
- Size
  
  332KB
- MD5
  
  51373389a8df39b4101b69346e3ba336
- SHA1
  
  022acbdec0f0fa53874aa959dccebe107d6b871f
- SHA256
  
  c7552fe5ed044011aa09aebd5769b2b9f3df0faa8adaab42ef3bfff35f5190aa
- SHA512
  
  d09efb3f00adacd97a46d9bbcbb9b0c2b7a78db66ad57e9491f8ad73d1c5b242b5e4248d61254058123e0d795dd95a7560cbb73252872ff2ebd79ace58f843fc
Score

10^/10

gozi_rm3 92020291 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm392020291bankertrojan