gozi_rm3 | b26a47a17c699378e3ebef87bb81e219d876237e13bb7bb0909bd1ee9fcd69e9 | Triage

Sharing

General

Target

b26a47a17c699378e3ebef87bb81e219d876237e13bb7bb0909bd1ee9fcd69e9
Size

880KB
Sample

210910-lk29lachgn
MD5

95c215be27fb24eaaaea480cf11adf92
SHA1

6d1c1f6ea2e7d188890fe7e3ff09fc78962557b0
SHA256

b26a47a17c699378e3ebef87bb81e219d876237e13bb7bb0909bd1ee9fcd69e9
SHA512

0613beb41f408eb8bf2d67b714c0de58ebd9d6d3ce1363032c16f28754c297e92a51e54f4655a0b9c2af4910b695f6b3647a6d1efa46c83267e31d1029288ef6

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  b26a47a17c699378e3ebef87bb81e219d876237e13bb7bb0909bd1ee9fcd69e9
- Size
  
  880KB
- MD5
  
  95c215be27fb24eaaaea480cf11adf92
- SHA1
  
  6d1c1f6ea2e7d188890fe7e3ff09fc78962557b0
- SHA256
  
  b26a47a17c699378e3ebef87bb81e219d876237e13bb7bb0909bd1ee9fcd69e9
- SHA512
  
  0613beb41f408eb8bf2d67b714c0de58ebd9d6d3ce1363032c16f28754c297e92a51e54f4655a0b9c2af4910b695f6b3647a6d1efa46c83267e31d1029288ef6
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan