gozi_rm3 | eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0 | Triage

Sharing

General

Target

eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
Size

462KB
Sample

220208-ydxfzsdhgk
MD5

91543c693baf658d6e59cc0c676db2d4
SHA1

0a00cbe757b2092cf859b73e63be2b51a0020407
SHA256

eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
SHA512

3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
- Size
  
  462KB
- MD5
  
  91543c693baf658d6e59cc0c676db2d4
- SHA1
  
  0a00cbe757b2092cf859b73e63be2b51a0020407
- SHA256
  
  eaf6d694e2a4c8401d3d8d1419b8ff93dcfa9578ff76a851a0aef2c80567a7b0
- SHA512
  
  3f29f8dd5d32f33aa755fd08007d4cc2675dbe819669900806ae5d327be18035aa08bd7f23d91f8fa0d2fec188c1c8bc165f33d6408d0d8cb8bd21c083e633ff
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan