gozi_rm3 | be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2 | Triage

Resubmissions

18-03-2021 22:02

210318-wg14eesjje 10

13-11-2020 10:22

201113-ycmfkdqrdn 10

Sharing

General

Target

be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
Size

136KB
Sample

210318-wg14eesjje
MD5

fe590fd117449bce4bfad57d36bfc099
SHA1

a5c3d7738ebc1f1ce8353e135b8dcea17155077b
SHA256

be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
SHA512

f8e39f1e83dd666fff67161864c75057a0f6b4ad1692f0013f0aef47d69ed350662f0784555a72fcdb34bb5937371c7d75010639d5ae31c32d7383ee10a6605b

Score

10^/10

gozi_rm3 2020109324 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

2020109324

C2

https://bonderlas.xyz

Attributes

build
300932
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
- Size
  
  136KB
- MD5
  
  fe590fd117449bce4bfad57d36bfc099
- SHA1
  
  a5c3d7738ebc1f1ce8353e135b8dcea17155077b
- SHA256
  
  be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
- SHA512
  
  f8e39f1e83dd666fff67161864c75057a0f6b4ad1692f0013f0aef47d69ed350662f0784555a72fcdb34bb5937371c7d75010639d5ae31c32d7383ee10a6605b
Score

10^/10

gozi_rm3 2020109324 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm32020109324bankertrojan