gozi_rm3 | 7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4 | Triage

Sharing

General

Target

7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4
Size

329KB
Sample

210624-llvwxtw8se
MD5

b8dfb0c597f151c882146dc2a8ecd086
SHA1

b8f5dcf26989fbfba9703442185b7e6d60739080
SHA256

7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4
SHA512

4307a9dc66a4abc82637b8a58cf18acdcba491434aedbf91c283d0c861fa4681b12ce2b60f043eeff8416b80280fc49ba12615ba35bc8630f7c5767db5cef3ad

Score

10^/10

gozi_rm3 202106191 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300974
exe_type
loader

Extracted

Family

gozi_rm3

Botnet

202106191

C2

https://gogorobest.xyz

Attributes

build
300974
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4
- Size
  
  329KB
- MD5
  
  b8dfb0c597f151c882146dc2a8ecd086
- SHA1
  
  b8f5dcf26989fbfba9703442185b7e6d60739080
- SHA256
  
  7bcf94551f01cde9cc82ea6c5b86929eb4ec341adf30af715af2bf0c2ecb6ed4
- SHA512
  
  4307a9dc66a4abc82637b8a58cf18acdcba491434aedbf91c283d0c861fa4681b12ce2b60f043eeff8416b80280fc49ba12615ba35bc8630f7c5767db5cef3ad
Score

10^/10

gozi_rm3 202106191 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_rm3202106191bankertrojan

behavioral2

gozi_rm3202106191bankertrojan