gozi_rm3 | 8e0177e384db5652f64457814d6a5adbc7ff7befa6912da3bf61487346849570 | Triage

Sharing

General

Target

8e0177e384db5652f64457814d6a5adbc7ff7befa6912da3bf61487346849570
Size

41KB
Sample

220201-lvrwlsdac5
MD5

8ad8ac76a3cd7e84fd97c7f63181d396
SHA1

85b1e2a730c7242cb73246ce6495d678fbdd14f4
SHA256

8e0177e384db5652f64457814d6a5adbc7ff7befa6912da3bf61487346849570
SHA512

28690a15b4ab5c85ee1542a2984784ae826c417c092cc064568bd642849e7bb7b2dcd950b9c45318064609a595945061813db1a6577b7a4a38bf9619a8a7887c

Score

10^/10

gozi_rm3 persistence

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300784

Targets

- Target
  
  8e0177e384db5652f64457814d6a5adbc7ff7befa6912da3bf61487346849570
- Size
  
  41KB
- MD5
  
  8ad8ac76a3cd7e84fd97c7f63181d396
- SHA1
  
  85b1e2a730c7242cb73246ce6495d678fbdd14f4
- SHA256
  
  8e0177e384db5652f64457814d6a5adbc7ff7befa6912da3bf61487346849570
- SHA512
  
  28690a15b4ab5c85ee1542a2984784ae826c417c092cc064568bd642849e7bb7b2dcd950b9c45318064609a595945061813db1a6577b7a4a38bf9619a8a7887c
Score

10^/10

persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2