gozi_rm3 | 4cd59bdc1760270e479b7e0149dd95d39a67a4e0c04bf29c1f3ac9a4384f2e0c | Triage

Sharing

General

Target

4cd59bdc1760270e479b7e0149dd95d39a67a4e0c04bf29c1f3ac9a4384f2e0c
Size

880KB
Sample

210910-lckpkshgh8
MD5

6c6d5bc3ebce198438d15a46285a11ec
SHA1

d56c38047ba450361fec73c10e6716da914a2522
SHA256

4cd59bdc1760270e479b7e0149dd95d39a67a4e0c04bf29c1f3ac9a4384f2e0c
SHA512

a26737f4394f9646a96faf3b42e748bc0d7ec203620f844448927ae289ac3a350f98b041046e4e3f0412c153db5776fc2d2dcdcdf84e6dd148bf574fae494a1a

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4cd59bdc1760270e479b7e0149dd95d39a67a4e0c04bf29c1f3ac9a4384f2e0c
- Size
  
  880KB
- MD5
  
  6c6d5bc3ebce198438d15a46285a11ec
- SHA1
  
  d56c38047ba450361fec73c10e6716da914a2522
- SHA256
  
  4cd59bdc1760270e479b7e0149dd95d39a67a4e0c04bf29c1f3ac9a4384f2e0c
- SHA512
  
  a26737f4394f9646a96faf3b42e748bc0d7ec203620f844448927ae289ac3a350f98b041046e4e3f0412c153db5776fc2d2dcdcdf84e6dd148bf574fae494a1a
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan