gozi_rm3 | 0224a665ced7423927bfe9074660d0da033f0d345520944486a180906b56e07e | Triage

Sharing

General

Target

0224a665ced7423927bfe9074660d0da033f0d345520944486a180906b56e07e
Size

880KB
Sample

210910-lr1z4sdaak
MD5

78852a12df63703ff5b048337386d866
SHA1

2da534316978187c955eb8156af50c15af6263e6
SHA256

0224a665ced7423927bfe9074660d0da033f0d345520944486a180906b56e07e
SHA512

cada877d683620fe573f4df25d98582c614de0c97031cdc704941abc107aa2931fd26735ca9d02e24fbb6b14588c9ad90b159872e9e855dac39a2d423d5fc5f1

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0224a665ced7423927bfe9074660d0da033f0d345520944486a180906b56e07e
- Size
  
  880KB
- MD5
  
  78852a12df63703ff5b048337386d866
- SHA1
  
  2da534316978187c955eb8156af50c15af6263e6
- SHA256
  
  0224a665ced7423927bfe9074660d0da033f0d345520944486a180906b56e07e
- SHA512
  
  cada877d683620fe573f4df25d98582c614de0c97031cdc704941abc107aa2931fd26735ca9d02e24fbb6b14588c9ad90b159872e9e855dac39a2d423d5fc5f1
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan