gozi_rm3 | 807b71dfeff6ca8b0f32042a2acf061f797d42a04db0de077e3f34a5777bdc1e | Triage

Sharing

General

Target

807b71dfeff6ca8b0f32042a2acf061f797d42a04db0de077e3f34a5777bdc1e
Size

249KB
Sample

220524-xncznahhfr
MD5

d6242950c693ca64c97699bf448788ce
SHA1

82a91b2df6a4d391e7a66384eff82c7894d670c3
SHA256

807b71dfeff6ca8b0f32042a2acf061f797d42a04db0de077e3f34a5777bdc1e
SHA512

5c70ea18781568c91cfdad32cb83c4802c9f23c1c93944430d1ef4a398e2f4c1be8499796bb3fbc436582a8eb4465e59a51e250b8980d1225b9da96eb3ceb767

Score

10^/10

gozi_rm3 90420251 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300904

Extracted

Family

gozi_rm3

Botnet

90420251

C2

https://vvietnamnews.xyz

Attributes

build
300904
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  807b71dfeff6ca8b0f32042a2acf061f797d42a04db0de077e3f34a5777bdc1e
- Size
  
  249KB
- MD5
  
  d6242950c693ca64c97699bf448788ce
- SHA1
  
  82a91b2df6a4d391e7a66384eff82c7894d670c3
- SHA256
  
  807b71dfeff6ca8b0f32042a2acf061f797d42a04db0de077e3f34a5777bdc1e
- SHA512
  
  5c70ea18781568c91cfdad32cb83c4802c9f23c1c93944430d1ef4a398e2f4c1be8499796bb3fbc436582a8eb4465e59a51e250b8980d1225b9da96eb3ceb767
Score

10^/10

gozi_rm3 90420251 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm390420251bankertrojan

behavioral2

gozi_rm390420251bankertrojan