gozi_rm3 | 472f83af75bff0591a10bf5c0a278209dab1b6dba89aa81860319f7d65e633a6 | Triage

Sharing

General

Target

472f83af75bff0591a10bf5c0a278209dab1b6dba89aa81860319f7d65e633a6
Size

880KB
Sample

210910-mq8t1adafk
MD5

28a9f11965848a5affa3658b08c3ad71
SHA1

2fb1bbc3053beb74b08f58d65b1e45c92f036241
SHA256

472f83af75bff0591a10bf5c0a278209dab1b6dba89aa81860319f7d65e633a6
SHA512

41d1ec57a4c53e439da16affc7928e058a103e3d63c736681ccadeb7b1be5ae8a7629a7e4fc7c94f7ce6596911e3dd15a331590b764115e3bf8b8fc5bc7d7f2d

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  472f83af75bff0591a10bf5c0a278209dab1b6dba89aa81860319f7d65e633a6
- Size
  
  880KB
- MD5
  
  28a9f11965848a5affa3658b08c3ad71
- SHA1
  
  2fb1bbc3053beb74b08f58d65b1e45c92f036241
- SHA256
  
  472f83af75bff0591a10bf5c0a278209dab1b6dba89aa81860319f7d65e633a6
- SHA512
  
  41d1ec57a4c53e439da16affc7928e058a103e3d63c736681ccadeb7b1be5ae8a7629a7e4fc7c94f7ce6596911e3dd15a331590b764115e3bf8b8fc5bc7d7f2d
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan