gozi_rm3 | f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479 | Triage

Submit
Reports

Overview

overview

Static

static

f21843f616...79.dll

windows7_x64

f21843f616...79.dll

windows10-2004_x64

Sharing

Static task

static1

210301 gozi_rm3

Behavioral task

behavioral1

Sample

f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479.dll

Resource

win7-en-20211208

gozi_rm3 210301 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479.dll

Resource

win10v2004-en-20220113

gozi_rm3 210301 banker persistence trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479
Size

42KB
MD5

d1efe1b5a5c8237225c13fcd751d02d8
SHA1

0dd7b2ff6189db569b7c84b583619c86878560cb
SHA256

f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479
SHA512

559e9792b7c41c22eaa44716f4e010c66d7088003b65de3d7b08ba1d6027e757b8e480517072659957ade299178e8a872485c9756f7d15aef21e5defc31b4a11
SSDEEP

768:EMRzcAJN4r3ayX6Gl7AvmEap7jF+FLJsWqj82nAgfBhVZTs+UwByDc:8AQX6Gls+EaBjFGuj82nAE75NB+

Score

10^/10

210301 gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Botnet

210301

C2

https://gotoregt.space

Attributes

build
300960
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Signatures

Gozi_rm3 family
gozi_rm3

Files

f21843f616dc8675920aa14d065cbd1e364a06295e42d7364a408a9d56c15479
.dll regsvr32 windows x86

ca093b3502dd9834e23c84e3b034b2ae

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
HeapDestroy
HeapCreate
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
VirtualProtect
GetCurrentThreadId
CloseHandle
SetLastError
WaitForSingleObject
GetLastError
LoadLibraryW
GetModuleHandleW
VirtualFree
VirtualAlloc
lstrlenA
lstrlenW
HeapAlloc
HeapFree
CreateEventA

ntdll

memcmp
memset
memcpy
RtlUnwind
NtQueryVirtualMemory

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 991B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy