be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2

General

Target: be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
Size: 136KB
Sample: 210318-wg14eesjje
Score: 10/10
MD5: fe590fd117449bce4bfad57d36bfc099
SHA1: a5c3d7738ebc1f1ce8353e135b8dcea17155077b
SHA256: be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
SHA512: f8e39f1e83dd666fff67161864c75057a0f6b4ad1692f0013f0aef47d69ed350662f0784555a72fcdb34bb5937371c7d75010639d5ae31c32d7383ee10a6605b

Malware Config

Extracted

Family: gozi_rm3
Botnet: 2020109324
C2: https://bonderlas.xyz

Attributes

build: 300932
exe_type: loader
non_target_locale: RU
server_id: 12
url_path: index.htm
rsa_pubkey.base64
serpent.plain
Targets

Target: be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
Filesize: 136KB
Score: 10/10
Signatures

  • Gozi RM3
    Description: A heavily modified version of Gozi using RM3 loader.
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

static1
behavioral1
Score: 10/10