gozi_rm3 | 5654000269026d84de04c6844f4b04c59a0e33a8f735f68dcc38c42e35fd208c | Triage

Analysis

max time kernel
150s
max time network
134s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:21

Sharing

Report Analysis Logs

General

Target

5654000269026d84de04c6844f4b04c59a0e33a8f735f68dcc38c42e35fd208c.exe
Size

36KB
MD5

fc214ac85663dd6d34e265efce936002
SHA1

c6e24cbb6df3b37145743a8d4d44ce3898ebe8bc
SHA256

5654000269026d84de04c6844f4b04c59a0e33a8f735f68dcc38c42e35fd208c
SHA512

d01be850fdd808be903d5c14c92ce6dd8c9c483123ab3c1a4c1348f4d21fadb3bcf5585a6e91b70cfc3f8cd1c434c433be64bf48237bc872016d778deff167f5

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

exe_type
loader

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

C:\Users\Admin\AppData\Local\Temp\5654000269026d84de04c6844f4b04c59a0e33a8f735f68dcc38c42e35fd208c.exe
"C:\Users\Admin\AppData\Local\Temp\5654000269026d84de04c6844f4b04c59a0e33a8f735f68dcc38c42e35fd208c.exe"
1⤵
PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/528-55-0x0000000000020000-0x0000000000030000-memory.dmp

Filesize
64KB

Download
memory/528-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download