gozi_rm3 | 4cda2df83c4162c84bbaa5912fa9a093e19d7d2add4ac22b68a33784f5866a63 | Triage

Sharing

General

Target

4cda2df83c4162c84bbaa5912fa9a093e19d7d2add4ac22b68a33784f5866a63
Size

880KB
Sample

210910-jvq8zacggl
MD5

d02ed5fd4b2ca61585c580b30553a01a
SHA1

5f53d12bdaf0fd8b16825b3d0d290d2b16c720e0
SHA256

4cda2df83c4162c84bbaa5912fa9a093e19d7d2add4ac22b68a33784f5866a63
SHA512

0b64e9e4cd0bf90fa4a242dd88bf2a65e28a6a7fb61a5973f9d751858b6325e59e9eeb8c35cfa3f926301432fc4979e1f9f3aa38da847349622f029f815846e6

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4cda2df83c4162c84bbaa5912fa9a093e19d7d2add4ac22b68a33784f5866a63
- Size
  
  880KB
- MD5
  
  d02ed5fd4b2ca61585c580b30553a01a
- SHA1
  
  5f53d12bdaf0fd8b16825b3d0d290d2b16c720e0
- SHA256
  
  4cda2df83c4162c84bbaa5912fa9a093e19d7d2add4ac22b68a33784f5866a63
- SHA512
  
  0b64e9e4cd0bf90fa4a242dd88bf2a65e28a6a7fb61a5973f9d751858b6325e59e9eeb8c35cfa3f926301432fc4979e1f9f3aa38da847349622f029f815846e6
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan