gozi_rm3 | c5cc23c5c2d4cc537654886e91a18b9c34a52bd87546a9c2769fc65480ac01f1 | Triage

Sharing

General

Target

c5cc23c5c2d4cc537654886e91a18b9c34a52bd87546a9c2769fc65480ac01f1
Size

880KB
Sample

210910-k39kyschek
MD5

81dbb0a1a3730df46f69952206c97953
SHA1

7899ab6a3d3aa946ec08b73a53e9aacf0b0ff7e2
SHA256

c5cc23c5c2d4cc537654886e91a18b9c34a52bd87546a9c2769fc65480ac01f1
SHA512

e58217c5c33c80243f13d7d46a4d7c88154f8171b30c9f7705109f08d77c4dc2daa5cec3f75ebf63c8af77aca58dea3fe564704f9a3211af3bb54fab2f9f8be5

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  c5cc23c5c2d4cc537654886e91a18b9c34a52bd87546a9c2769fc65480ac01f1
- Size
  
  880KB
- MD5
  
  81dbb0a1a3730df46f69952206c97953
- SHA1
  
  7899ab6a3d3aa946ec08b73a53e9aacf0b0ff7e2
- SHA256
  
  c5cc23c5c2d4cc537654886e91a18b9c34a52bd87546a9c2769fc65480ac01f1
- SHA512
  
  e58217c5c33c80243f13d7d46a4d7c88154f8171b30c9f7705109f08d77c4dc2daa5cec3f75ebf63c8af77aca58dea3fe564704f9a3211af3bb54fab2f9f8be5
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan