gozi_rm3 | 738bf94c6e4e07f3eb40859954b3be1ddcb035b44f28c2225e72d323856d43eb | Triage

Sharing

General

Target

738bf94c6e4e07f3eb40859954b3be1ddcb035b44f28c2225e72d323856d43eb
Size

205KB
Sample

220324-x3gldsaacp
MD5

da15c7e12929023bd011008236d018fd
SHA1

fc1764997075e265dd02d7e6beb7f2fcd482d802
SHA256

738bf94c6e4e07f3eb40859954b3be1ddcb035b44f28c2225e72d323856d43eb
SHA512

5c849bab270fe90b51383e071d17595c877a7f895062b3f90e6af41984e11c2edef5a0684d01f33327d6ae9909e6c583f6afd97818de58375525f9c8f586b12b

Score

10^/10

gozi_rm3 201193206 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300932

Extracted

Family

gozi_rm3

Botnet

201193206

C2

https://lalstatsnon.website

Attributes

build
300932
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  738bf94c6e4e07f3eb40859954b3be1ddcb035b44f28c2225e72d323856d43eb
- Size
  
  205KB
- MD5
  
  da15c7e12929023bd011008236d018fd
- SHA1
  
  fc1764997075e265dd02d7e6beb7f2fcd482d802
- SHA256
  
  738bf94c6e4e07f3eb40859954b3be1ddcb035b44f28c2225e72d323856d43eb
- SHA512
  
  5c849bab270fe90b51383e071d17595c877a7f895062b3f90e6af41984e11c2edef5a0684d01f33327d6ae9909e6c583f6afd97818de58375525f9c8f586b12b
Score

10^/10

gozi_rm3 201193206 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3201193206bankertrojan

behavioral2

gozi_rm3201193206bankertrojan