gozi_rm3 | e3c40245d525bba6c9a2b0aee344e68cb42f2a2309bf2fd09830de718f90bdb1 | Triage

Sharing

General

Target

e3c40245d525bba6c9a2b0aee344e68cb42f2a2309bf2fd09830de718f90bdb1
Size

908KB
Sample

220520-hjg1gshean
MD5

b660e62a7505f4969f3ce033907c9595
SHA1

f09d84aafd7e3b296252bf6b470e2389537d9d82
SHA256

e3c40245d525bba6c9a2b0aee344e68cb42f2a2309bf2fd09830de718f90bdb1
SHA512

52abbe6f7799695d6ba69d53d3ccce0023508fa3fb0e54fa7dc8d21e518fb7a02158faa8c1a87be419efa4f4d4634f736662bd3ce16cea2e60d403020b5613e5

Score

10^/10

gozi_rm3 202004141 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes

build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e3c40245d525bba6c9a2b0aee344e68cb42f2a2309bf2fd09830de718f90bdb1
- Size
  
  908KB
- MD5
  
  b660e62a7505f4969f3ce033907c9595
- SHA1
  
  f09d84aafd7e3b296252bf6b470e2389537d9d82
- SHA256
  
  e3c40245d525bba6c9a2b0aee344e68cb42f2a2309bf2fd09830de718f90bdb1
- SHA512
  
  52abbe6f7799695d6ba69d53d3ccce0023508fa3fb0e54fa7dc8d21e518fb7a02158faa8c1a87be419efa4f4d4634f736662bd3ce16cea2e60d403020b5613e5
Score

10^/10

gozi_rm3 202004141 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202004141bankertrojan

behavioral2

gozi_rm3202004141bankertrojan