gozi_rm3 | a9751c9ec848a81b128e0bde27c2c6765381422c158d44d0af3aa20e2bf56f7e | Triage

Sharing

General

Target

a9751c9ec848a81b128e0bde27c2c6765381422c158d44d0af3aa20e2bf56f7e
Size

880KB
Sample

210910-lr1dksdaaj
MD5

731dd3d9a6fdcca24c81aece84dfd67f
SHA1

866aa1d74c29dcbe5c349f90a1f291d5f8a9c3a0
SHA256

a9751c9ec848a81b128e0bde27c2c6765381422c158d44d0af3aa20e2bf56f7e
SHA512

7fcd61b6c4fbb7b35b6a4ef8d31b9682fd6a5e10a24297f1aea9ba974ff45bbfe7c88b5d7d261c58e6a34ce4f0e01b9224a8e68fb30dd910aefdb21665153f86

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  a9751c9ec848a81b128e0bde27c2c6765381422c158d44d0af3aa20e2bf56f7e
- Size
  
  880KB
- MD5
  
  731dd3d9a6fdcca24c81aece84dfd67f
- SHA1
  
  866aa1d74c29dcbe5c349f90a1f291d5f8a9c3a0
- SHA256
  
  a9751c9ec848a81b128e0bde27c2c6765381422c158d44d0af3aa20e2bf56f7e
- SHA512
  
  7fcd61b6c4fbb7b35b6a4ef8d31b9682fd6a5e10a24297f1aea9ba974ff45bbfe7c88b5d7d261c58e6a34ce4f0e01b9224a8e68fb30dd910aefdb21665153f86
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan