gozi_rm3 | 41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547 | Triage

Sharing

General

Target

41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547
Size

151KB
Sample

220407-s8w6tafcap
MD5

55ab2f304f8c2da30aeee7713a95064d
SHA1

aae939cf3995905399e427097fc90c5b62f3d4c3
SHA256

41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547
SHA512

08bbf78b4154f725399055dfb8a4338ce873297af847a5e30c8b6708e44feeae071fbf7efff9ff2c0b397fdffec5ca52a9591f742092a8f50287e54ce89307d3

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300994

rsa_pubkey.base64

Targets

- Target
  
  41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547
- Size
  
  151KB
- MD5
  
  55ab2f304f8c2da30aeee7713a95064d
- SHA1
  
  aae939cf3995905399e427097fc90c5b62f3d4c3
- SHA256
  
  41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547
- SHA512
  
  08bbf78b4154f725399055dfb8a4338ce873297af847a5e30c8b6708e44feeae071fbf7efff9ff2c0b397fdffec5ca52a9591f742092a8f50287e54ce89307d3
Score

10^/10

gozi_rm3 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3bankertrojan