gozi_rm3 | e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3

Resubmissions

12/09/2021, 05:03 UTC

210912-fp66fsehgn 10

10/09/2021, 08:18 UTC

210910-j7bdaacghm 10

Sharing

Copy URL

Twitter E-mail

General

Target

PiSUfsy.exe
Size

880KB
Sample

210910-j7bdaacghm
MD5

ddb8cc4e8e2ec81904a1407409d2e868
SHA1

5f594f30bcf6b00213916e5aa987db98d764fbb2
SHA256

e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3
SHA512

70e1ff1b5aa7a5ff7408f4520adece23fbb9df4f3ac9d5aded9baad30fe485c47a2f8cce6b2d500ab6705a18ce20f90c193092c4f943053c67c1cff8b51a5738

Score

10^/10

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MIGhMA0GCSqGSIb3DQEBAQUAA4GPADCBiwKBgQDQvSE+pGC5ueFuFpsWZNFb2D62
3
JrHBcRqgYrVTvdjBpXuaQW5ardkd9dQbqV/m9lqnAPR/0bzeIxp3S25u4aysggiU
4
q9vS8NOAX5OUj/9xYDDmNGC4wwov91iWFs2zVQq/NK3xbdAoFHf4tBEbHMqwBYO0
5
yXwvy6ct9gfu47z1YQIFAOO89WE=
6
-----END PUBLIC KEY-----

aes.plain

1
kUQPFKASLooZS1Lr

Targets

- Target
  
  PiSUfsy.exe
- Size
  
  880KB
- MD5
  
  ddb8cc4e8e2ec81904a1407409d2e868
- SHA1
  
  5f594f30bcf6b00213916e5aa987db98d764fbb2
- SHA256
  
  e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3
- SHA512
  
  70e1ff1b5aa7a5ff7408f4520adece23fbb9df4f3ac9d5aded9baad30fe485c47a2f8cce6b2d500ab6705a18ce20f90c193092c4f943053c67c1cff8b51a5738
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi RM3

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

We care about your privacy.