gozi_rm3 | 5073bca8e140ee4bd11545a493df2423dfeb19c0104de21a5ffcb6f1e43e3820 | Triage

Sharing

General

Target

8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8.zip
Size

148KB
Sample

210526-ffra94dpz6
MD5

95e2e596f332505e1ae676bfc7901e6c
SHA1

06cce2bb1eea7aa8faa342c4735394eed067c0c1
SHA256

5073bca8e140ee4bd11545a493df2423dfeb19c0104de21a5ffcb6f1e43e3820
SHA512

172416167d00a3bd66f1cdcaec9358c4e0ffc246e80e11a7f673f0b3368cc3dbecc3361880a51a1898450751f5c7f3fe86ecc6dc283c016085d26f6c0e03cab2

Score

10^/10

gozi_rm3 202105141 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

202105141

C2

https://robonight.xyz

Attributes

build
300968
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8.exe
- Size
  
  279KB
- MD5
  
  e51e8d553d497180c028cbd9b3123d32
- SHA1
  
  902d5707d5e8d6d4e6f6e60e1b95aea5609723c6
- SHA256
  
  8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8
- SHA512
  
  5ed08018b744233fd72f3c283b55e3809cc628e6d82edcbdf6f9ae6170c6e20faa8fc499d0949fc68695f98d757701418247b955f261a95bf7b6dc31b155f437
Score

10^/10

gozi_rm3 202105141 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202105141bankertrojan

behavioral2

gozi_rm3202105141bankertrojan