gozi_rm3 | 2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6 | Triage

Submit
Reports

Overview

overview

Static

static

2e219d0b2c...b6.exe

windows7_x64

2e219d0b2c...b6.exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6.exe

Resource

win10v2004-20220414-en

gozi_rm3 1000 banker trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6
Size

42KB
MD5

c962cbc49ce85c1d1068bb0fafc8995a
SHA1

148ccfe986159a1e46409921a105d52327289342
SHA256

2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6
SHA512

20924beb9f16affa98fbe388fffcb28fcd710e00de5b9db4259fbabd49db849431523364f1eb451718cfbc12829a40f56eae0752f7ba0a5a78c088ce70e64191
SSDEEP

768:90Q618+/ERYBsnS8raDrMoyiZThOm8wNnzb67whSO7nm/rgQHqQDk:uQ618eRCnSCa0oyiZThOm8wNnv0Qm/rk

Score

10^/10

gozi_rm3

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300799

Signatures

Gozi_rm3 family
gozi_rm3

Files

2e219d0b2ce2572be4cc11b81ed7e908d483ee7dc0ca28cb83f8109ce8a78cb6
.exe windows x86

9247d7cdfe272ec9eab8c038027ce17a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcessHeap
GetLastError
GetModuleHandleA
GetTickCount
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleW
LoadLibraryW
GetProcAddress
lstrlenW
lstrlenA
HeapAlloc
HeapFree
WaitForSingleObject
CloseHandle
CreateEventA

ntdll

memcpy
memset
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy