gozi_rm3 | b1cd4ed43c327b71cdb4466e18c56ce25e474327f7487fedcd5542908f4bbba3 | Triage

Sharing

General

Target

b1cd4ed43c327b71cdb4466e18c56ce25e474327f7487fedcd5542908f4bbba3
Size

42KB
Sample

220201-lfeyhacbdk
MD5

1f8c6b1011c74fb25f8e96bf948d9def
SHA1

0cbfb62cbe54127ce953f69d0743b7e01b04e1ec
SHA256

b1cd4ed43c327b71cdb4466e18c56ce25e474327f7487fedcd5542908f4bbba3
SHA512

1e6293dc02aea248bce5d3e545ccb9e91872be533f247a1117c314a4f5cf779137c476583c80e2db1e39362b0541f3381440b6f2c17f8a5f0d10200fe2bdabd8

Score

10^/10

gozi_rm3 persistence

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854

Targets

- Target
  
  b1cd4ed43c327b71cdb4466e18c56ce25e474327f7487fedcd5542908f4bbba3
- Size
  
  42KB
- MD5
  
  1f8c6b1011c74fb25f8e96bf948d9def
- SHA1
  
  0cbfb62cbe54127ce953f69d0743b7e01b04e1ec
- SHA256
  
  b1cd4ed43c327b71cdb4466e18c56ce25e474327f7487fedcd5542908f4bbba3
- SHA512
  
  1e6293dc02aea248bce5d3e545ccb9e91872be533f247a1117c314a4f5cf779137c476583c80e2db1e39362b0541f3381440b6f2c17f8a5f0d10200fe2bdabd8
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2