gozi_rm3 | e5d205cdcbc96eac3ca641898a6679ab1ee462d200ab412548ab13b9f6db3e5d | Triage

Sharing

General

Target

e5d205cdcbc96eac3ca641898a6679ab1ee462d200ab412548ab13b9f6db3e5d
Size

880KB
Sample

210910-jy7ecshga5
MD5

fa8cde37b3eed73ffad435d4fba59093
SHA1

69d2560d4f878f7f2bddf2c11a0c37406d97d9c9
SHA256

e5d205cdcbc96eac3ca641898a6679ab1ee462d200ab412548ab13b9f6db3e5d
SHA512

fbcde181842a6501d6f7e0133136d77b460912ba150536ff151349b84943270834f82cf3baf787998a2f66c95ff3fac344a8a394acec1006b26d774a99264771

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  e5d205cdcbc96eac3ca641898a6679ab1ee462d200ab412548ab13b9f6db3e5d
- Size
  
  880KB
- MD5
  
  fa8cde37b3eed73ffad435d4fba59093
- SHA1
  
  69d2560d4f878f7f2bddf2c11a0c37406d97d9c9
- SHA256
  
  e5d205cdcbc96eac3ca641898a6679ab1ee462d200ab412548ab13b9f6db3e5d
- SHA512
  
  fbcde181842a6501d6f7e0133136d77b460912ba150536ff151349b84943270834f82cf3baf787998a2f66c95ff3fac344a8a394acec1006b26d774a99264771
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan