gozi_rm3 | b2f04718cd6b718407185e95a4f63bd12f371f9a19af210b6f80024791ee8674 | Triage

Sharing

General

Target

b2f04718cd6b718407185e95a4f63bd12f371f9a19af210b6f80024791ee8674
Size

880KB
Sample

210910-kgpnnahgc6
MD5

348d3740981f53873902675f4fcf9ed7
SHA1

ec81c0f1c3082e8d565d9cf421d80f6d5e9df70f
SHA256

b2f04718cd6b718407185e95a4f63bd12f371f9a19af210b6f80024791ee8674
SHA512

847a6d2f2691ce2f2f6e1a3ba226d11aaf529537febfa0d36fd668b64a5f6fe1ca45f38b56946d3b3d0dda9d64490fbcecc5294ce6b45dce2b0c03e49040a9c6

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  b2f04718cd6b718407185e95a4f63bd12f371f9a19af210b6f80024791ee8674
- Size
  
  880KB
- MD5
  
  348d3740981f53873902675f4fcf9ed7
- SHA1
  
  ec81c0f1c3082e8d565d9cf421d80f6d5e9df70f
- SHA256
  
  b2f04718cd6b718407185e95a4f63bd12f371f9a19af210b6f80024791ee8674
- SHA512
  
  847a6d2f2691ce2f2f6e1a3ba226d11aaf529537febfa0d36fd668b64a5f6fe1ca45f38b56946d3b3d0dda9d64490fbcecc5294ce6b45dce2b0c03e49040a9c6
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan