gozi_rm3 | 5acd476e3f6e4ba80aae21f149a7ee577ace4fb8a5ee244329c0ac2ba708fb4c | Triage

Sharing

General

Target

5acd476e3f6e4ba80aae21f149a7ee577ace4fb8a5ee244329c0ac2ba708fb4c
Size

880KB
Sample

210910-kgtydachbj
MD5

b33444442a26d10e053d56562fa31853
SHA1

9a7edb09890cdec4228e78e0b2faa16ade32cce2
SHA256

5acd476e3f6e4ba80aae21f149a7ee577ace4fb8a5ee244329c0ac2ba708fb4c
SHA512

d0d5657a0b50e2a2842e94c8f11b0b79695a185960c5c250927f8ecb66b25bb3312e3e809bd1596ffc591a38d30ee362c412f5d05f7e2d284eddbc1a6ed78582

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  5acd476e3f6e4ba80aae21f149a7ee577ace4fb8a5ee244329c0ac2ba708fb4c
- Size
  
  880KB
- MD5
  
  b33444442a26d10e053d56562fa31853
- SHA1
  
  9a7edb09890cdec4228e78e0b2faa16ade32cce2
- SHA256
  
  5acd476e3f6e4ba80aae21f149a7ee577ace4fb8a5ee244329c0ac2ba708fb4c
- SHA512
  
  d0d5657a0b50e2a2842e94c8f11b0b79695a185960c5c250927f8ecb66b25bb3312e3e809bd1596ffc591a38d30ee362c412f5d05f7e2d284eddbc1a6ed78582
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan