bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

Target

Size

908KB

Sample

220521-atvqbsdgcr

Score

10 ^/10

MD5

6c3616245a1f713038857de1c4a0f8b4

SHA1

b004c92fcb9412762cfaf8b0e25cd0bf4f39ee13

SHA256

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

SHA512

db56e3813fc2a04b88469df24f03b9ed0ca69df9ce701d38ed849a9cd9c304fb69212a1591de8d9684fccfb19ca5923fd4ad6efb5c3cb2c12cc693770724e859

Extracted

Family	gozi_rm3
Attributes	build 300854

Extracted

Family	gozi_rm3
Botnet	202004141
C2	https://devicelease.xyz https://devicelease.xyz
Attributes	build 300854 dga_base_url constitution.org/usdeclar.txt dga_crc 0x4eb7d2ca dga_season 10 dga_tlds com ru org exe_type loader server_id 12 url_path index.htm
rsa_pubkey.plain
serpent.plain

Target

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

MD5

6c3616245a1f713038857de1c4a0f8b4

Filesize

908KB

Score

10^/10

SHA1

b004c92fcb9412762cfaf8b0e25cd0bf4f39ee13

SHA256

bd46624b138c6574ede18bb37034056c508d2442c7ebd664a5686b74b0f99d7b

SHA512

db56e3813fc2a04b88469df24f03b9ed0ca69df9ce701d38ed849a9cd9c304fb69212a1591de8d9684fccfb19ca5923fd4ad6efb5c3cb2c12cc693770724e859

Signatures

Gozi RM3
Description

A heavily modified version of Gozi using RM3 loader.
Tags

banker trojan gozi_rm3

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

cryptone packer

9^/10

behavioral1

gozi_rm3 202004141 banker trojan

10^/10

behavioral2

gozi_rm3 202004141 banker trojan

10^/10

Extracted

Extracted

Tags

Signatures

Gozi RM3

Description

Tags

Related Tasks

static1

behavioral1

behavioral2