gozi_rm3 | 82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530 | Triage

Sharing

General

Target

82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
Size

227KB
Sample

220524-2vda8aegan
MD5

35a60252c7832c4e7e0589c857489ac9
SHA1

001099f0eebc504b6985b065ddf6c5446df4cf45
SHA256

82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
SHA512

478fec47d60171fb91c6475066971b540f78c8a209bc2c491d890d48282155de88a57bb4acce5044b44a9381de6f8a5e17e053b069a7498ca441a5c3b059973e

Score

10^/10

gozi_rm3 86920224 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300869

Extracted

Family

gozi_rm3

Botnet

86920224

C2

https://sibelikinciel.xyz

Attributes

build
300869
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
- Size
  
  227KB
- MD5
  
  35a60252c7832c4e7e0589c857489ac9
- SHA1
  
  001099f0eebc504b6985b065ddf6c5446df4cf45
- SHA256
  
  82a32b07e9718825d70f0dfe0870d8d27b32ddd1b48e96c97cda91d4c7e04530
- SHA512
  
  478fec47d60171fb91c6475066971b540f78c8a209bc2c491d890d48282155de88a57bb4acce5044b44a9381de6f8a5e17e053b069a7498ca441a5c3b059973e
Score

10^/10

gozi_rm3 86920224 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm386920224bankertrojan

behavioral2

gozi_rm386920224bankertrojan