gozi_rm3 | 0191114a1ad51d073bd2084d21f70d71f2ae748a790455c4a708915ad7533d2d | Triage

Sharing

General

Target

pattern.exe
Size

653KB
Sample

210903-s2gsjsgeek
MD5

dc8c09dcce354cf148b724e4b5210cc4
SHA1

ad6ce1717870b37859094456b32c40f2682a6755
SHA256

0191114a1ad51d073bd2084d21f70d71f2ae748a790455c4a708915ad7533d2d
SHA512

45945f13458647067693b0f1b8227408975bd803f1e4adfbc676d8ad661b6b425285b2b5979a07696f6091e7084974ead2fb35c10a0de0e8881b8a005e906bde

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://hotroad.cyou

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  pattern.exe
- Size
  
  653KB
- MD5
  
  dc8c09dcce354cf148b724e4b5210cc4
- SHA1
  
  ad6ce1717870b37859094456b32c40f2682a6755
- SHA256
  
  0191114a1ad51d073bd2084d21f70d71f2ae748a790455c4a708915ad7533d2d
- SHA512
  
  45945f13458647067693b0f1b8227408975bd803f1e4adfbc676d8ad661b6b425285b2b5979a07696f6091e7084974ead2fb35c10a0de0e8881b8a005e906bde
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan

behavioral2

gozi_rm3202108021bankertrojan