Extracted

• • Target

    XqBTvE.ntwgj

  • Size

    252KB

  • MD5

    defe731e1ca1092c08e5edd84404ed21

  • SHA1

    9c68ffba054067f51fbb172bc00d835e0014a073

  • SHA256

    ea10f282be1864ccfe204fcba69fea1b172213a5dc114ef46c629a1ea98c8c24

  • SHA512

    08f11f749847f0579b3e92502789bdabfb049f3fea304c0ff1affbed3a45b7ca7a2c88594ad0ec608c2495c6ef95906305a9cae102d9dc617929750ece7f63ba

  Score

  10^/10

  gozi_rm3bankertrojan

  • Gozi RM3

    A heavily modified version of Gozi using RM3 loader.

    bankertrojangozi_rm3

  • Uses Tor communications

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in System32 directory

  behavioral1behavioral2