gozi_rm3 | 68a2b66cd3cf613dc575787660dc444c68ad256cb9264b64c189b230d0f8f287 | Triage

Sharing

General

Target

68a2b66cd3cf613dc575787660dc444c68ad256cb9264b64c189b230d0f8f287
Size

70KB
Sample

220201-l8hvvsdcc6
MD5

4adc87bc1193e51d12ba19ea89032054
SHA1

69a901e8560dfb1f44c533c52fe01f9981da183a
SHA256

68a2b66cd3cf613dc575787660dc444c68ad256cb9264b64c189b230d0f8f287
SHA512

f82cde15fb6172b08c5a84531bfb5533320940fb2549866171ef7073ee59cb5da30b89f6b7a32314cb9869e4d335c8e817ba322006e7929c8a4320f0d7ea3b32

Score

10^/10

gozi_rm3 201910081 persistence

Malware Config

Extracted

Family

gozi_rm3

Attributes

exe_type
loader

Extracted

Family

gozi_rm3

Botnet

201910081

C2

https://kenneyai.xyz

Attributes

build
300787
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  68a2b66cd3cf613dc575787660dc444c68ad256cb9264b64c189b230d0f8f287
- Size
  
  70KB
- MD5
  
  4adc87bc1193e51d12ba19ea89032054
- SHA1
  
  69a901e8560dfb1f44c533c52fe01f9981da183a
- SHA256
  
  68a2b66cd3cf613dc575787660dc444c68ad256cb9264b64c189b230d0f8f287
- SHA512
  
  f82cde15fb6172b08c5a84531bfb5533320940fb2549866171ef7073ee59cb5da30b89f6b7a32314cb9869e4d335c8e817ba322006e7929c8a4320f0d7ea3b32
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

201910081gozi_rm3

behavioral1

behavioral2