gozi_rm3 | 461f8dba6d54344d8f3414d0a2ee03bf12efbf8538d7e781e7c76860d0af52cd | Triage

Analysis

max time kernel
14s
max time network
112s
platform
windows10_x64
resource
win10v20210408
submitted
12-07-2021 11:20

Sharing

Report Analysis Logs

General

Target

436.exe
Size

177KB
MD5

436e58129cb75672cbf4ef00ad4a2975
SHA1

1b96da3482ef6a1d9f0b67d7b0e58904aa3f86b2
SHA256

461f8dba6d54344d8f3414d0a2ee03bf12efbf8538d7e781e7c76860d0af52cd
SHA512

b77712dbbaba7383ec57d975b7dd8662da2b2242811f29beedca9ed5c70a3314621acb998599bdacf42fe8fc3472e499ec3654baf0a3b1a39220f998b9b38462

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

rsa_pubkey.base64

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

C:\Users\Admin\AppData\Local\Temp\436.exe
"C:\Users\Admin\AppData\Local\Temp\436.exe"
1⤵
PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/804-114-0x00000000001C0000-0x00000000001CA000-memory.dmp

Filesize
40KB

Download
memory/804-118-0x0000000001000000-0x00000000037EE000-memory.dmp

Filesize
39.9MB

Download
memory/804-117-0x0000000000030000-0x0000000000037000-memory.dmp

Filesize
28KB

Download