gozi_rm3 | 7941e7cab1e386ed6990a79e23da69848ee1f7971ea6300f77260d7468084102 | Triage

Sharing

General

Target

7941e7cab1e386ed6990a79e23da69848ee1f7971ea6300f77260d7468084102
Size

880KB
Sample

210910-l4bkzsdabn
MD5

57bcb99cca4654b21e83e2732099d961
SHA1

38af72807030e608e517e37d528cbf684b738f69
SHA256

7941e7cab1e386ed6990a79e23da69848ee1f7971ea6300f77260d7468084102
SHA512

072314ffe77ecb0148ae78b2bdd24c7e884208b7f073390929aa73eb30b7575f8ae09e8e2a33594df3e0ba520ee20dda71ba10bc3a83350b914ece382ed2e1d3

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  7941e7cab1e386ed6990a79e23da69848ee1f7971ea6300f77260d7468084102
- Size
  
  880KB
- MD5
  
  57bcb99cca4654b21e83e2732099d961
- SHA1
  
  38af72807030e608e517e37d528cbf684b738f69
- SHA256
  
  7941e7cab1e386ed6990a79e23da69848ee1f7971ea6300f77260d7468084102
- SHA512
  
  072314ffe77ecb0148ae78b2bdd24c7e884208b7f073390929aa73eb30b7575f8ae09e8e2a33594df3e0ba520ee20dda71ba10bc3a83350b914ece382ed2e1d3
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan