gozi_rm3 | e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e | Triage

Sharing

General

Target

e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e
Size

908KB
Sample

220625-chtp1acch6
MD5

692f0c41a1c901093146fb46a8c5ca16
SHA1

a1dea48e55f4207711db12bb2abf4864041cbfff
SHA256

e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e
SHA512

106f59cc8d1a5b9ace12f749be24e5dbe2fa315dffa40fe53b5eab8b89c66bb9d1c9261024307b6406254bef9bf90875e952c3822f85b87a67f4a452d9250678

Score

10^/10

gozi_rm3 202004141 banker cryptone packer trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300854

Extracted

Family

gozi_rm3

Botnet

202004141

C2

https://devicelease.xyz

Attributes

build
300854
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e
- Size
  
  908KB
- MD5
  
  692f0c41a1c901093146fb46a8c5ca16
- SHA1
  
  a1dea48e55f4207711db12bb2abf4864041cbfff
- SHA256
  
  e1aef4524d415e65b90c985f54755d8336217bfb7bc72c50ce32d9dc88e1b07e
- SHA512
  
  106f59cc8d1a5b9ace12f749be24e5dbe2fa315dffa40fe53b5eab8b89c66bb9d1c9261024307b6406254bef9bf90875e952c3822f85b87a67f4a452d9250678
Score

10^/10

gozi_rm3 202004141 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3202004141bankertrojan

behavioral2

gozi_rm3202004141bankertrojan