gozi_rm3 | 9fdea3c8167bc38dd8e53a51ea4c5ac366a56a342db0b1d638db33938a36c6a9 | Triage

Sharing

General

Target

MpCsDEtv.exe
Size

880KB
Sample

210909-x5hlgagff6
MD5

78a60f691996b8c5b360301a28fe32d7
SHA1

2e9b4d897355ab99a003d6eb0962ddd9eef2a7d6
SHA256

9fdea3c8167bc38dd8e53a51ea4c5ac366a56a342db0b1d638db33938a36c6a9
SHA512

88043221a6206e6592665395a5f2736dee463289f356aa15ef384ff514c0fa86b76438e7dd16d24735d622b62d92c9035119bd01f3f771ed97a090e11d5105cd

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  MpCsDEtv.exe
- Size
  
  880KB
- MD5
  
  78a60f691996b8c5b360301a28fe32d7
- SHA1
  
  2e9b4d897355ab99a003d6eb0962ddd9eef2a7d6
- SHA256
  
  9fdea3c8167bc38dd8e53a51ea4c5ac366a56a342db0b1d638db33938a36c6a9
- SHA512
  
  88043221a6206e6592665395a5f2736dee463289f356aa15ef384ff514c0fa86b76438e7dd16d24735d622b62d92c9035119bd01f3f771ed97a090e11d5105cd
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan

behavioral2

gozi_rm3202108021bankertrojan