Overview

overview

10

Static

static

475eba482e...57.exe

windows7_x64

10

475eba482e...57.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57

  • Size

    2.9MB

  • Sample

    220210-dfvpyscgak

  • MD5

    d54474edd997f5ae1772d45974bd7005

  • SHA1

    1c6dd6518d61df04fe42b4280cbe1c0e62bb352b

  • SHA256

    475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57

  • SHA512

    e9f187eebdbef0c0b38d01c163c827ed6e6e5fcbe355ac50cded01521425a558f3d090c8b6d1039c760c623ca20432fe830d647428188428761e4b3a75d067f9

Score
10/10
gozi_rm3bankertrojan

Malware Config

Targets

    • Target

      475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57

    • Size

      2.9MB

    • MD5

      d54474edd997f5ae1772d45974bd7005

    • SHA1

      1c6dd6518d61df04fe42b4280cbe1c0e62bb352b

    • SHA256

      475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57

    • SHA512

      e9f187eebdbef0c0b38d01c163c827ed6e6e5fcbe355ac50cded01521425a558f3d090c8b6d1039c760c623ca20432fe830d647428188428761e4b3a75d067f9

    Score
    10/10
    gozi_rm3bankertrojan

    • Gozi RM3

      A heavily modified version of Gozi using RM3 loader.

      bankertrojangozi_rm3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks