gozi_rm3 | e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2 | Triage

Sharing

General

Target

e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2
Size

908KB
Sample

220524-t1qvhadcgm
MD5

5b77d76a1b194c50deafdbea63218f82
SHA1

6c73f0958f51d0f1be7153d5428a69dcad6e3438
SHA256

e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2
SHA512

0227fc7fc227197d83611c184f12ba7d79dd63ca1c552d48f7e4199d1d617db98823d371f4c726b0d4cf0f7818953927e95a892f0b602d495b1385f6d05d2119

Score

10^/10

gozi_rm3 202004141 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes

build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2
- Size
  
  908KB
- MD5
  
  5b77d76a1b194c50deafdbea63218f82
- SHA1
  
  6c73f0958f51d0f1be7153d5428a69dcad6e3438
- SHA256
  
  e0c8833039a33a3fbc02b5d0837a827f267b6fc2f943b8d3533f83530eb041a2
- SHA512
  
  0227fc7fc227197d83611c184f12ba7d79dd63ca1c552d48f7e4199d1d617db98823d371f4c726b0d4cf0f7818953927e95a892f0b602d495b1385f6d05d2119
Score

10^/10

gozi_rm3 202004141 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi_rm3202004141bankertrojan

behavioral2

gozi_rm3202004141bankertrojan