gozi_rm3 | c8ac98c4e43e4290cdaefce51ebf9165143c31d3fbce0f9f80cf5a3258058c4a | Triage

Sharing

General

Target

EWHxeQ.bfvvu
Size

252KB
Sample

220315-mjtrhacacl
MD5

aa9e193908e16757ca1803d25f3b65d6
SHA1

1bd752e969771db5af1ffbf7ebe956dd8fefe040
SHA256

c8ac98c4e43e4290cdaefce51ebf9165143c31d3fbce0f9f80cf5a3258058c4a
SHA512

5a8157caa8b8639733b1f9159b15212b7818ae52431e45134e4db9282121737bceed192d4a68adce41d971a1e4bf807a2401f951d4c1400ff58ee40fcb96ffad

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300994
exe_type
loader

Targets

- Target
  
  EWHxeQ.bfvvu
- Size
  
  252KB
- MD5
  
  aa9e193908e16757ca1803d25f3b65d6
- SHA1
  
  1bd752e969771db5af1ffbf7ebe956dd8fefe040
- SHA256
  
  c8ac98c4e43e4290cdaefce51ebf9165143c31d3fbce0f9f80cf5a3258058c4a
- SHA512
  
  5a8157caa8b8639733b1f9159b15212b7818ae52431e45134e4db9282121737bceed192d4a68adce41d971a1e4bf807a2401f951d4c1400ff58ee40fcb96ffad
Score

10^/10

gozi_rm3 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3bankertrojan

behavioral2

gozi_rm3bankertrojan