gozi_rm3 | 38d7bb17df3d21059ec269838415457c7442d498678942594e7730c5d132134c | Triage

Sharing

General

Target

38d7bb17df3d21059ec269838415457c7442d498678942594e7730c5d132134c
Size

448KB
Sample

220524-2vmvnaaha3
MD5

26c71269eac9b2780e4cb5ca4fe15ae3
SHA1

368e06b6a2871cef2ae72f647ea1aef82f1de456
SHA256

38d7bb17df3d21059ec269838415457c7442d498678942594e7730c5d132134c
SHA512

85eb1fa72e4f8ffbb51f813d5d9807c0a2ea996808eac1c7dc036d837599899135b8b8c525972c47900b97caad5f8f2969cec1813acd8f57f7299744e05dc2de

Score

10^/10

gozi_rm3 86920233 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300869

Extracted

Family

gozi_rm3

Botnet

86920233

C2

https://babytoydeals.xyz

Attributes

build
300869
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  38d7bb17df3d21059ec269838415457c7442d498678942594e7730c5d132134c
- Size
  
  448KB
- MD5
  
  26c71269eac9b2780e4cb5ca4fe15ae3
- SHA1
  
  368e06b6a2871cef2ae72f647ea1aef82f1de456
- SHA256
  
  38d7bb17df3d21059ec269838415457c7442d498678942594e7730c5d132134c
- SHA512
  
  85eb1fa72e4f8ffbb51f813d5d9807c0a2ea996808eac1c7dc036d837599899135b8b8c525972c47900b97caad5f8f2969cec1813acd8f57f7299744e05dc2de
Score

10^/10

gozi_rm3 86920233 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm386920233bankertrojan

behavioral2

gozi_rm386920233bankertrojan