gozi_rm3 | 5238cb4f38abf64151df3b85f74084abfc98f54cd6244198ce9d86de579a2445 | Triage

Sharing

General

Target

5238cb4f38abf64151df3b85f74084abfc98f54cd6244198ce9d86de579a2445
Size

346KB
Sample

220223-sn73ksbhdk
MD5

4083b0e75f65d672e4ea31a97d5705ab
SHA1

d83783afc8d3c9579f02d2f0fab6f1ec40e117dd
SHA256

5238cb4f38abf64151df3b85f74084abfc98f54cd6244198ce9d86de579a2445
SHA512

b4236b1fa73aae8c319d9a4ff7066ce171d00a975133ec8e1e01893edb3c8143d05cef2997cee5fd95cff03ad7bf4168c473f9ebea16c39dc53eeeb85ff44716

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

rsa_pubkey.base64

Targets

- Target
  
  5238cb4f38abf64151df3b85f74084abfc98f54cd6244198ce9d86de579a2445
- Size
  
  346KB
- MD5
  
  4083b0e75f65d672e4ea31a97d5705ab
- SHA1
  
  d83783afc8d3c9579f02d2f0fab6f1ec40e117dd
- SHA256
  
  5238cb4f38abf64151df3b85f74084abfc98f54cd6244198ce9d86de579a2445
- SHA512
  
  b4236b1fa73aae8c319d9a4ff7066ce171d00a975133ec8e1e01893edb3c8143d05cef2997cee5fd95cff03ad7bf4168c473f9ebea16c39dc53eeeb85ff44716
Score

10^/10

gozi_rm3 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3bankertrojan

behavioral2

gozi_rm3bankertrojan