gozi_rm3 | 31941577d287f7445f2791c78da17ffcd54baee40acf61dc0ff27a3f1d5253e6 | Triage

Sharing

General

Target

6c4e1328230fd65c2c8232e7b9f838ae.exe
Size

880KB
Sample

210910-t7v3ssddhr
MD5

6c4e1328230fd65c2c8232e7b9f838ae
SHA1

9cfbf6477457d26555e37ad3717cccd3aadc7dbe
SHA256

31941577d287f7445f2791c78da17ffcd54baee40acf61dc0ff27a3f1d5253e6
SHA512

062c9fa2241227752ead4f15d05e3c3df8f685538765e527f4929ed3e94f3f37f89f60764b531a0c935e878b7710ea4174ae6f9b48e7c8aa8066176e57fdf733

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  6c4e1328230fd65c2c8232e7b9f838ae.exe
- Size
  
  880KB
- MD5
  
  6c4e1328230fd65c2c8232e7b9f838ae
- SHA1
  
  9cfbf6477457d26555e37ad3717cccd3aadc7dbe
- SHA256
  
  31941577d287f7445f2791c78da17ffcd54baee40acf61dc0ff27a3f1d5253e6
- SHA512
  
  062c9fa2241227752ead4f15d05e3c3df8f685538765e527f4929ed3e94f3f37f89f60764b531a0c935e878b7710ea4174ae6f9b48e7c8aa8066176e57fdf733
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan

behavioral2

gozi_rm3202108021bankertrojan