gozi_rm3 | 86915616e574742e343d75e998fcebd5cb5dd9f15c8a70fd63fd8b3c41a1acae | Triage

Sharing

General

Target

86915616e574742e343d75e998fcebd5cb5dd9f15c8a70fd63fd8b3c41a1acae
Size

880KB
Sample

210910-lrzgaachhp
MD5

b16ccba0e8f229577d94b950ea8bdc49
SHA1

0a8a6efbe677b5ed7da3e47107d87b13cc5bd735
SHA256

86915616e574742e343d75e998fcebd5cb5dd9f15c8a70fd63fd8b3c41a1acae
SHA512

c1375932f9b453b1bac6016a8a5c08091d797d7220a0ed1aec6331d4c204b3e56f1f04a437b3732823872a270cae92ca596843a37a24019e11b86c977ee52c3d

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  86915616e574742e343d75e998fcebd5cb5dd9f15c8a70fd63fd8b3c41a1acae
- Size
  
  880KB
- MD5
  
  b16ccba0e8f229577d94b950ea8bdc49
- SHA1
  
  0a8a6efbe677b5ed7da3e47107d87b13cc5bd735
- SHA256
  
  86915616e574742e343d75e998fcebd5cb5dd9f15c8a70fd63fd8b3c41a1acae
- SHA512
  
  c1375932f9b453b1bac6016a8a5c08091d797d7220a0ed1aec6331d4c204b3e56f1f04a437b3732823872a270cae92ca596843a37a24019e11b86c977ee52c3d
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan