gozi_rm3 | a2dc4d9a7b686612cdbe2bd80c1855360ac160b1321aa4a5e305525311fd9118 | Triage

Sharing

General

Target

a2dc4d9a7b686612cdbe2bd80c1855360ac160b1321aa4a5e305525311fd9118
Size

52KB
Sample

220201-lkqwkacha6
MD5

2d7fa5c028c4c043797410afa65d39d1
SHA1

5332440b06117c2d308bed01e15da0396d5f8167
SHA256

a2dc4d9a7b686612cdbe2bd80c1855360ac160b1321aa4a5e305525311fd9118
SHA512

9981aebb3f6abfc100a0f6fa498ca6f6e801b3e77c9d3694007b3eadc55fdfdb9d1f613a7e2019041f42fa230484291b0a632a686d7a4c1c6a3e9155d6d14702

Score

10^/10

gozi_rm3 persistence

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300904

Targets

- Target
  
  a2dc4d9a7b686612cdbe2bd80c1855360ac160b1321aa4a5e305525311fd9118
- Size
  
  52KB
- MD5
  
  2d7fa5c028c4c043797410afa65d39d1
- SHA1
  
  5332440b06117c2d308bed01e15da0396d5f8167
- SHA256
  
  a2dc4d9a7b686612cdbe2bd80c1855360ac160b1321aa4a5e305525311fd9118
- SHA512
  
  9981aebb3f6abfc100a0f6fa498ca6f6e801b3e77c9d3694007b3eadc55fdfdb9d1f613a7e2019041f42fa230484291b0a632a686d7a4c1c6a3e9155d6d14702
Score

8^/10

persistence
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2