gozi_rm3 | c41bc0e1b9345c194842d1e3350a193a35b3aa261dcd1519b55ca1c74a788be4 | Triage

Sharing

General

Target

c41bc0e1b9345c194842d1e3350a193a35b3aa261dcd1519b55ca1c74a788be4
Size

461KB
Sample

220524-2t9m2aegam
MD5

90288cd596966b2b5e7387d33dd843b1
SHA1

e094d4de2f9ef3c5c13a6b24723b1a3cd23a6b90
SHA256

c41bc0e1b9345c194842d1e3350a193a35b3aa261dcd1519b55ca1c74a788be4
SHA512

101db22f7e17e960948268aaec5052cb93f498ea4edb4caf0397f2acb55e5f73bd78c72eaa42da776ab5161377a8b20d60ede870d476edfa17ce4e5781066a52

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  c41bc0e1b9345c194842d1e3350a193a35b3aa261dcd1519b55ca1c74a788be4
- Size
  
  461KB
- MD5
  
  90288cd596966b2b5e7387d33dd843b1
- SHA1
  
  e094d4de2f9ef3c5c13a6b24723b1a3cd23a6b90
- SHA256
  
  c41bc0e1b9345c194842d1e3350a193a35b3aa261dcd1519b55ca1c74a788be4
- SHA512
  
  101db22f7e17e960948268aaec5052cb93f498ea4edb4caf0397f2acb55e5f73bd78c72eaa42da776ab5161377a8b20d60ede870d476edfa17ce4e5781066a52
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan