gozi_rm3 | eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0 | Triage

Sharing

General

Target

eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
Size

462KB
Sample

220208-ydxfzsdhgk
MD5

91543c693baf658d6e59cc0c676db2d4
SHA1

0a00cbe757b2092cf859b73e63be2b51a0020407
SHA256

eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
SHA512

3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
- Size
  
  462KB
- MD5
  
  91543c693baf658d6e59cc0c676db2d4
- SHA1
  
  0a00cbe757b2092cf859b73e63be2b51a0020407
- SHA256
  
  eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
- SHA512
  
  3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan