gozi_rm3 | 1fd238418ac4555bbad917983054d445b1134f135f610d0bce3b80919b75ed77 | Triage

Sharing

General

Target

1fd238418ac4555bbad917983054d445b1134f135f610d0bce3b80919b75ed77
Size

880KB
Sample

210910-g5qn3scffl
MD5

38bd49ed803d8d74ffbf1f93931d7c78
SHA1

52ff7462e7b4b65803f1ebc4615655c8b80eac16
SHA256

1fd238418ac4555bbad917983054d445b1134f135f610d0bce3b80919b75ed77
SHA512

775e9bcd7db808cd3a0285c14b4f67a4bc33c4c4c6f43e8045c8f8b89c41a705f008c7241107d0409e0a10566a1666acc303493d4a6c39235c82b1e0e9867530

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1fd238418ac4555bbad917983054d445b1134f135f610d0bce3b80919b75ed77
- Size
  
  880KB
- MD5
  
  38bd49ed803d8d74ffbf1f93931d7c78
- SHA1
  
  52ff7462e7b4b65803f1ebc4615655c8b80eac16
- SHA256
  
  1fd238418ac4555bbad917983054d445b1134f135f610d0bce3b80919b75ed77
- SHA512
  
  775e9bcd7db808cd3a0285c14b4f67a4bc33c4c4c6f43e8045c8f8b89c41a705f008c7241107d0409e0a10566a1666acc303493d4a6c39235c82b1e0e9867530
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan