gozi_rm3 | e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3 | Triage

Resubmissions

12-09-2021 05:03

210912-fp66fsehgn 10

10-09-2021 08:18

210910-j7bdaacghm 10

Sharing

General

Target

PiSUfsy.exe
Size

880KB
Sample

210912-fp66fsehgn
MD5

ddb8cc4e8e2ec81904a1407409d2e868
SHA1

5f594f30bcf6b00213916e5aa987db98d764fbb2
SHA256

e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3
SHA512

70e1ff1b5aa7a5ff7408f4520adece23fbb9df4f3ac9d5aded9baad30fe485c47a2f8cce6b2d500ab6705a18ce20f90c193092c4f943053c67c1cff8b51a5738

Score

10^/10

gozi_rm3 202108021 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300981

Extracted

Family

gozi_rm3

Botnet

202108021

C2

https://haverit.xyz

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  PiSUfsy.exe
- Size
  
  880KB
- MD5
  
  ddb8cc4e8e2ec81904a1407409d2e868
- SHA1
  
  5f594f30bcf6b00213916e5aa987db98d764fbb2
- SHA256
  
  e0f81b847c0c02e0352607f852bdfb651925c35655ebf0be9b4fd2ef034661f3
- SHA512
  
  70e1ff1b5aa7a5ff7408f4520adece23fbb9df4f3ac9d5aded9baad30fe485c47a2f8cce6b2d500ab6705a18ce20f90c193092c4f943053c67c1cff8b51a5738
Score

10^/10

gozi_rm3 202108021 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
- win_isfb_auto
  Detects win.isfb.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202108021bankertrojan