gozi_rm3 | f41c63c777b928ab845115c92cff837652bd3b596abcc6fcbe097c8615cb6f4c | Triage

Sharing

General

Target

f41c63c777b928ab845115c92cff837652bd3b596abcc6fcbe097c8615cb6f4c
Size

880KB
Sample

210910-h1jweahfe3
MD5

08822d5ec226074bface996db4dbb559
SHA1

fd1fe3464b663c46ee431c3282f145d7d14411f7
SHA256

f41c63c777b928ab845115c92cff837652bd3b596abcc6fcbe097c8615cb6f4c
SHA512

98bf1368e94a17846cb59b22362c898d83548069c0cd6576bcc9280e3bd9854e110b973da0f74b30f5fc032ae088809f1058c73ec52d400dea1cad93d67fb864

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  f41c63c777b928ab845115c92cff837652bd3b596abcc6fcbe097c8615cb6f4c
- Size
  
  880KB
- MD5
  
  08822d5ec226074bface996db4dbb559
- SHA1
  
  fd1fe3464b663c46ee431c3282f145d7d14411f7
- SHA256
  
  f41c63c777b928ab845115c92cff837652bd3b596abcc6fcbe097c8615cb6f4c
- SHA512
  
  98bf1368e94a17846cb59b22362c898d83548069c0cd6576bcc9280e3bd9854e110b973da0f74b30f5fc032ae088809f1058c73ec52d400dea1cad93d67fb864
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan