afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984.dll

General

Target: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984.dll
Size: 449KB
Sample: 210325-e3xzs3jeqn
Score: 10/10
MD5: caec766872f0fc3c7e4af0bf1e5cc939
SHA1: dfb603663f5de381eafb617dccf51a2c30f34a4d
SHA256: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984
SHA512: aa22e020c44220258aabf0950de87846860c4a7bea1a6e9c50f2a7fa6ca537952398b2322acab8a24c75424cabc1466cf00714d884db4f2252bf60b586e0ecf1

Malware Config

Extracted

Family: gozi_rm3
Botnet: 210301
C2: https://gotoregt.space

Attributes

build: 300960
exe_type: loader
non_target_locale: RU
server_id: 12
url_path: index.htm
rsa_pubkey.plain
serpent.plain
Targets

Target: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984.dll
MD5: caec766872f0fc3c7e4af0bf1e5cc939
Filesize: 449KB
Score: 10/10
SHA1: dfb603663f5de381eafb617dccf51a2c30f34a4d
SHA256: afe4ae071261d7c5e03b4e96e253182a270d1e2c4f772d4d947e5d5cf3005984
SHA512: aa22e020c44220258aabf0950de87846860c4a7bea1a6e9c50f2a7fa6ca537952398b2322acab8a24c75424cabc1466cf00714d884db4f2252bf60b586e0ecf1

Signatures

  • Gozi RM3: A heavily modified version of Gozi using the RM3 loader.
  • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1
Score: 10/10