gozi_rm3 | 5e1a206e5e146f2302b0d33b0e4c119ea5072b59c2df2732318fc18800e547a9 | Triage

Sharing

General

Target

5e1a206e5e146f2302b0d33b0e4c119ea5072b59c2df2732318fc18800e547a9
Size

880KB
Sample

210910-kc6rdahgc3
MD5

5c25fc4f5c92abbac748bbc8a7cdd2cd
SHA1

e223d5da19c9d8305e68a43cdb7e7b36bf9634b4
SHA256

5e1a206e5e146f2302b0d33b0e4c119ea5072b59c2df2732318fc18800e547a9
SHA512

c3e06802246f68cda2606ebac78f869bcad9d1e6f5148875e21729787a5f3914d263a59a8ffe86f63a53f2eb77eee4cbe7d3a858a0e991022b36830a3e42e8f6

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  5e1a206e5e146f2302b0d33b0e4c119ea5072b59c2df2732318fc18800e547a9
- Size
  
  880KB
- MD5
  
  5c25fc4f5c92abbac748bbc8a7cdd2cd
- SHA1
  
  e223d5da19c9d8305e68a43cdb7e7b36bf9634b4
- SHA256
  
  5e1a206e5e146f2302b0d33b0e4c119ea5072b59c2df2732318fc18800e547a9
- SHA512
  
  c3e06802246f68cda2606ebac78f869bcad9d1e6f5148875e21729787a5f3914d263a59a8ffe86f63a53f2eb77eee4cbe7d3a858a0e991022b36830a3e42e8f6
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan