gozi_rm3 | 0026842412d234f940e06c182f10a203b7ecf225bc6f26a851d1a654095c5956 | Triage

Sharing

General

Target

0026842412d234f940e06c182f10a203b7ecf225bc6f26a851d1a654095c5956
Size

880KB
Sample

210910-lr1z4shhd4
MD5

b22b09e472d8ad0d10abd89a2a90c6f2
SHA1

763bbe7ce14a1ad5fa7db4d903d39fe2803f1242
SHA256

0026842412d234f940e06c182f10a203b7ecf225bc6f26a851d1a654095c5956
SHA512

32ec3a83ea8be9bdd4ed5f06da7fff289066165881720869f823f0eb0898e44c2b7bd6c79cafa90d2d9921585cc3816434d12349380a8caf1c55d6b7411f3284

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0026842412d234f940e06c182f10a203b7ecf225bc6f26a851d1a654095c5956
- Size
  
  880KB
- MD5
  
  b22b09e472d8ad0d10abd89a2a90c6f2
- SHA1
  
  763bbe7ce14a1ad5fa7db4d903d39fe2803f1242
- SHA256
  
  0026842412d234f940e06c182f10a203b7ecf225bc6f26a851d1a654095c5956
- SHA512
  
  32ec3a83ea8be9bdd4ed5f06da7fff289066165881720869f823f0eb0898e44c2b7bd6c79cafa90d2d9921585cc3816434d12349380a8caf1c55d6b7411f3284
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan