gozi_rm3 | a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578 | Triage

Submit
Reports

Overview

overview

Static

static

a4e3b20552...78.dll

windows7_x64

1

a4e3b20552...78.dll

windows10-2004_x64

Sharing

Static task

static1

210307 gozi_rm3

Behavioral task

behavioral1

Sample

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578.dll

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578.dll

Resource

win10v2004-en-20220113

gozi_rm3 banker persistence trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578
Size

42KB
MD5

8228ee6b537209f37b61def0fed70896
SHA1

5eebb557b3597a55d0637b9facc64188ec302b42
SHA256

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578
SHA512

adcc34a7f5676cabf3708f035c401ee48ba46fe3494036db9e2a74af84b273a260b0cc4f21b38f3ed4a0e849c5116fdaf6dd4a0f1003d028782ef9df343c9a77
SSDEEP

768:ZM7PHMmVNODkaS3GZBPnlrdVlec/ofGUayvJufsOUbMKhsfka5aV0OIriXa34OP:6MmiO3GZBv1hzOtayvofsOUb48aHO89

Score

10^/10

210307 gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Botnet

210307

C2

https://sonak.cyou

Attributes

build
300960
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Signatures

Gozi_rm3 family
gozi_rm3

Files

a4e3b205523d28cb8482729675d70e1cf88d81f0081825fecf86274b07ea1578
.dll regsvr32 windows x86

ca093b3502dd9834e23c84e3b034b2ae

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateThread
HeapDestroy
HeapCreate
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
VirtualProtect
GetCurrentThreadId
CloseHandle
SetLastError
WaitForSingleObject
GetLastError
LoadLibraryW
GetModuleHandleW
VirtualFree
VirtualAlloc
lstrlenA
lstrlenW
HeapAlloc
HeapFree
CreateEventA

ntdll

memcmp
memset
memcpy
RtlUnwind
NtQueryVirtualMemory

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy