gozi_rm3 | 8190320d71768d12e4c58c7e69c4cd06c088d982fd8e16cfb0fd76377a8e77e0 | Triage

Sharing

General

Target

8190320d71768d12e4c58c7e69c4cd06c088d982fd8e16cfb0fd76377a8e77e0
Size

462KB
Sample

220324-jw5gzsebg3
MD5

9151875c343d83c6d20540b701a111e6
SHA1

430c2d318e985abf7a75f7443d076ee69d0fd9c4
SHA256

8190320d71768d12e4c58c7e69c4cd06c088d982fd8e16cfb0fd76377a8e77e0
SHA512

e2072533f2eef588c90b760b7e6a1056266d980f8a4af71c08c79f63c8a96d8ddb4e1c80b3d8661d263d6ee744336f3d6125d5853431652d9f0ddee51b037fe0

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  8190320d71768d12e4c58c7e69c4cd06c088d982fd8e16cfb0fd76377a8e77e0
- Size
  
  462KB
- MD5
  
  9151875c343d83c6d20540b701a111e6
- SHA1
  
  430c2d318e985abf7a75f7443d076ee69d0fd9c4
- SHA256
  
  8190320d71768d12e4c58c7e69c4cd06c088d982fd8e16cfb0fd76377a8e77e0
- SHA512
  
  e2072533f2eef588c90b760b7e6a1056266d980f8a4af71c08c79f63c8a96d8ddb4e1c80b3d8661d263d6ee744336f3d6125d5853431652d9f0ddee51b037fe0
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan