gozi_rm3 | 39ae06bd0a6626a6af4f15ee98050f8f92728da942c7b1db4b44249c5f432266 | Triage

Sharing

General

Target

39ae06bd0a6626a6af4f15ee98050f8f92728da942c7b1db4b44249c5f432266
Size

880KB
Sample

210910-hw1ncshfd9
MD5

ef963a7c41fdf3d22e6e94a92ebc6300
SHA1

6598be5cb0636689d0994b6c63db67616bab9806
SHA256

39ae06bd0a6626a6af4f15ee98050f8f92728da942c7b1db4b44249c5f432266
SHA512

25a56df0c885d3d4d84751ba10802d789dad2b189743ac9c7fef59c2925e0534a8ebf79f471908cebadd9cc2283712004c9fd20ad6eb9d99a3ad2295e5ac32d4

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  39ae06bd0a6626a6af4f15ee98050f8f92728da942c7b1db4b44249c5f432266
- Size
  
  880KB
- MD5
  
  ef963a7c41fdf3d22e6e94a92ebc6300
- SHA1
  
  6598be5cb0636689d0994b6c63db67616bab9806
- SHA256
  
  39ae06bd0a6626a6af4f15ee98050f8f92728da942c7b1db4b44249c5f432266
- SHA512
  
  25a56df0c885d3d4d84751ba10802d789dad2b189743ac9c7fef59c2925e0534a8ebf79f471908cebadd9cc2283712004c9fd20ad6eb9d99a3ad2295e5ac32d4
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan