Description
A heavily modified version of Gozi using RM3 loader.
General
Target
Size
Sample
Software Two Pty Ltd
279KB
210525-578q7k73ej
Score
10/10
MD5
SHA1
SHA256
SHA512
e51e8d553d497180c028cbd9b3123d32
902d5707d5e8d6d4e6f6e60e1b95aea5609723c6
8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8
5ed08018b744233fd72f3c283b55e3809cc628e6d82edcbdf6f9ae6170c6e20faa8fc499d0949fc68695f98d757701418247b955f261a95bf7b6dc31b155f437
Malware Config
Extracted
| Family | gozi_rm3 |
| Botnet | 202105141 |
| C2 |
https://robonight.xyz |
| Attributes |
build 300968
exe_type loader
non_target_locale RU
server_id 12
url_path index.htm |
| rsa_pubkey.plain |
|
| serpent.plain |
|
Targets
Target
MD5
Filesize
Software Two Pty Ltd
e51e8d553d497180c028cbd9b3123d32
279KB
Score
10/10
SHA1
SHA256
SHA512
902d5707d5e8d6d4e6f6e60e1b95aea5609723c6
8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8
5ed08018b744233fd72f3c283b55e3809cc628e6d82edcbdf6f9ae6170c6e20faa8fc499d0949fc68695f98d757701418247b955f261a95bf7b6dc31b155f437
Tags
Signatures
-
Gozi RM3
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10