gozi_rm3 | c05709cd622e7fa92df7b0361506f722548afa44c987594c2d5d9945ad720f17 | Triage

Analysis

max time kernel
47s
max time network
146s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 13:35

Sharing

Report Analysis Logs

General

Target

c05709cd622e7fa92df7b0361506f722548afa44c987594c2d5d9945ad720f17.exe
Size

249KB
MD5

8d0685354de8da460befcb05662431c1
SHA1

79eb89217382f50b2311e6287c12b682c35e868c
SHA256

c05709cd622e7fa92df7b0361506f722548afa44c987594c2d5d9945ad720f17
SHA512

c8f75615971083cd216c969134af48c03c2ef44e3e1f03aa822bd67686a6344b1ec6d38270beda0c745ace27bbade4b1b51e371fad10d9f1c20d4d0953cb18ac

Score

10^/10

gozi_rm3 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300904

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3
Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

iexplore.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe

C:\Users\Admin\AppData\Local\Temp\c05709cd622e7fa92df7b0361506f722548afa44c987594c2d5d9945ad720f17.exe
"C:\Users\Admin\AppData\Local\Temp\c05709cd622e7fa92df7b0361506f722548afa44c987594c2d5d9945ad720f17.exe"
1⤵
PID:360

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
PID:592

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2
2⤵
PID:1268

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/360-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/360-55-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/360-56-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/360-57-0x0000000000220000-0x0000000000237000-memory.dmp

Filesize
92KB

Download