gozi_rm3 | ec5a1db718eaaa38b443556943f0d4ab66956f87932350e4cc158e3408b5a24e | Triage

Sharing

General

Target

ec5a1db718eaaa38b443556943f0d4ab66956f87932350e4cc158e3408b5a24e
Size

880KB
Sample

210910-lr2xeahhd5
MD5

4eb4c7f77b8ed58b27300300ffae2308
SHA1

ed071faffb848cdfc7c6819b4eb78230071520c1
SHA256

ec5a1db718eaaa38b443556943f0d4ab66956f87932350e4cc158e3408b5a24e
SHA512

c64fb668d0ae65c33f1d8292853d117f3014a4ff51d540ced33bf060a7cc336259f04ad4d5d8d19eafa62584633014223ece71790ead8a6b09ae14b2ae3234e8

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ec5a1db718eaaa38b443556943f0d4ab66956f87932350e4cc158e3408b5a24e
- Size
  
  880KB
- MD5
  
  4eb4c7f77b8ed58b27300300ffae2308
- SHA1
  
  ed071faffb848cdfc7c6819b4eb78230071520c1
- SHA256
  
  ec5a1db718eaaa38b443556943f0d4ab66956f87932350e4cc158e3408b5a24e
- SHA512
  
  c64fb668d0ae65c33f1d8292853d117f3014a4ff51d540ced33bf060a7cc336259f04ad4d5d8d19eafa62584633014223ece71790ead8a6b09ae14b2ae3234e8
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan