gozi_rm3 | a2273731ac7a648716a2a6c236c0b67ea7c0b1f0de44ab9bf38e4f94f6842f15 | Triage

Sharing

General

Target

a2273731ac7a648716a2a6c236c0b67ea7c0b1f0de44ab9bf38e4f94f6842f15
Size

880KB
Sample

210910-h6e5eahfe6
MD5

b5bbb8686eef576b583d240dc57619b3
SHA1

3927571c188235a5277865240d80c38e0bedeb91
SHA256

a2273731ac7a648716a2a6c236c0b67ea7c0b1f0de44ab9bf38e4f94f6842f15
SHA512

187d0322e4f0d9f84932d2a1f390d628c6358a0b66321d4b08615a100c2740731ce65ba91e03be1b93203dc2ed971467f33d0a4acab416a2813a9862383adc3f

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  a2273731ac7a648716a2a6c236c0b67ea7c0b1f0de44ab9bf38e4f94f6842f15
- Size
  
  880KB
- MD5
  
  b5bbb8686eef576b583d240dc57619b3
- SHA1
  
  3927571c188235a5277865240d80c38e0bedeb91
- SHA256
  
  a2273731ac7a648716a2a6c236c0b67ea7c0b1f0de44ab9bf38e4f94f6842f15
- SHA512
  
  187d0322e4f0d9f84932d2a1f390d628c6358a0b66321d4b08615a100c2740731ce65ba91e03be1b93203dc2ed971467f33d0a4acab416a2813a9862383adc3f
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan