gozi_rm3 | 7a381baee55dabd578bf198e4680d98d3057142cff19713612fc4bfa1ae39369 | Triage

Sharing

General

Target

6175910434340864.zip
Size

97KB
Sample

220316-tz97rafcd4
MD5

f23b0397e879bc6ef5b62b8d925bdbf7
SHA1

390268bce1eb56e57012e66fd7390e33f8838bdc
SHA256

7a381baee55dabd578bf198e4680d98d3057142cff19713612fc4bfa1ae39369
SHA512

90d49c709784204442b0e2796154a3bee9b9c096bfe1695818c6d075db8d1c6ba4f2da3429c3f19b2747cc5ad55bfa3eaa33b66d7c712accb6eb47979b3e1cc2

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300994

Targets

- Target
  
  bca43b8251b1c4ac499b1d0543a86aee4fd76da1e203f011f0f1e68a03844820
- Size
  
  252KB
- MD5
  
  067fbc7cbc5e7dcd5f63047727ec08e9
- SHA1
  
  8bf52ba841861d82f56e483993cd8e5558168133
- SHA256
  
  bca43b8251b1c4ac499b1d0543a86aee4fd76da1e203f011f0f1e68a03844820
- SHA512
  
  d28b10e3c037958cc24cca6dbc731c96148a8214c9d6bab3b279fd666cc2c8624c07a50aa87559f1e2d8f52c9de6c8bd588aab8fd98b352897d66dc70e7c1b59
Score

10^/10

gozi_rm3 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3bankertrojan

behavioral2

gozi_rm3bankertrojan