Overview

overview

10

Static

static

59cb5e6e31...e4.exe

windows7-x64

10

59cb5e6e31...e4.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59cb5e6e313a1d8ed79c5cadb5c4bad5b3451178a509d2d9fc0d7f7dc6a638e4

  • Size

    2.9MB

  • Sample

    220724-dbdkwacdg8

  • MD5

    2686a3ff73287ad1f874a0a4c2470af5

  • SHA1

    73542f96a0cc31e4cf5c7ae94366587a572a2ac3

  • SHA256

    59cb5e6e313a1d8ed79c5cadb5c4bad5b3451178a509d2d9fc0d7f7dc6a638e4

  • SHA512

    c69ec47c273724c78839a4ace51e1b0ab1ddfd40eefece23a684328cecc3b9467c6f84b1aee864c326622f8937c81f87e05aed3df113eb070b77e201d3ef93f3

Score
10/10
gozi_rm3bankerpersistencetrojan

Malware Config

Targets

    • Target

      59cb5e6e313a1d8ed79c5cadb5c4bad5b3451178a509d2d9fc0d7f7dc6a638e4

    • Size

      2.9MB

    • MD5

      2686a3ff73287ad1f874a0a4c2470af5

    • SHA1

      73542f96a0cc31e4cf5c7ae94366587a572a2ac3

    • SHA256

      59cb5e6e313a1d8ed79c5cadb5c4bad5b3451178a509d2d9fc0d7f7dc6a638e4

    • SHA512

      c69ec47c273724c78839a4ace51e1b0ab1ddfd40eefece23a684328cecc3b9467c6f84b1aee864c326622f8937c81f87e05aed3df113eb070b77e201d3ef93f3

    Score
    10/10
    gozi_rm3bankertrojanpersistence

    • Gozi RM3

      A heavily modified version of Gozi using RM3 loader.

      bankertrojangozi_rm3

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks