gozi_rm3 | 1000a3681589bed44b5776ba5e258a4becd3ec97dc00db6138d333b463501930 | Triage

Sharing

General

Target

1000a3681589bed44b5776ba5e258a4becd3ec97dc00db6138d333b463501930
Size

461KB
Sample

220326-tn3crsefh7
MD5

bdc00e7591dddffbc4cd054c3843d91d
SHA1

251bbe43735b796475a0881544a7fb46a2b8f51d
SHA256

1000a3681589bed44b5776ba5e258a4becd3ec97dc00db6138d333b463501930
SHA512

98abac55eecefaac50977bb931d5e35fde0f2ff1ef8503e00abeeaa92d56a09bbfbd8b47bf6b2d4dbfb241b81a1451c9fe31e43da563c2c72ad092810f84f6de

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898
exe_type
loader

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  1000a3681589bed44b5776ba5e258a4becd3ec97dc00db6138d333b463501930
- Size
  
  461KB
- MD5
  
  bdc00e7591dddffbc4cd054c3843d91d
- SHA1
  
  251bbe43735b796475a0881544a7fb46a2b8f51d
- SHA256
  
  1000a3681589bed44b5776ba5e258a4becd3ec97dc00db6138d333b463501930
- SHA512
  
  98abac55eecefaac50977bb931d5e35fde0f2ff1ef8503e00abeeaa92d56a09bbfbd8b47bf6b2d4dbfb241b81a1451c9fe31e43da563c2c72ad092810f84f6de
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan