gozi_rm3 | 33f02815a25172b12a516e72ea50eb8ca40630bd74f63941020848888cbe1ea8 | Triage

Sharing

General

Target

33f02815a25172b12a516e72ea50eb8ca40630bd74f63941020848888cbe1ea8
Size

462KB
Sample

220524-2vpn9aegbq
MD5

dad32a0cd14d8b4244a9df1cc9c82185
SHA1

6a00cf1e4026a7403eaf5ca328b63c417308c4df
SHA256

33f02815a25172b12a516e72ea50eb8ca40630bd74f63941020848888cbe1ea8
SHA512

c54d2495e0e65b6bd45f2407ef2fc9ae7a63884b362eaba0ce67023f6dce8be3ef97448f34ed1be09e5e9713f03d4d8e2b4719d2158df1b9891df0f6f1c72c8b

Score

10^/10

gozi_rm3 89820235 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300898

Extracted

Family

gozi_rm3

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  33f02815a25172b12a516e72ea50eb8ca40630bd74f63941020848888cbe1ea8
- Size
  
  462KB
- MD5
  
  dad32a0cd14d8b4244a9df1cc9c82185
- SHA1
  
  6a00cf1e4026a7403eaf5ca328b63c417308c4df
- SHA256
  
  33f02815a25172b12a516e72ea50eb8ca40630bd74f63941020848888cbe1ea8
- SHA512
  
  c54d2495e0e65b6bd45f2407ef2fc9ae7a63884b362eaba0ce67023f6dce8be3ef97448f34ed1be09e5e9713f03d4d8e2b4719d2158df1b9891df0f6f1c72c8b
Score

10^/10

gozi_rm3 89820235 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm389820235bankertrojan

behavioral2

gozi_rm389820235bankertrojan