gozi_rm3 | 61970452081816271072dd600d435d6e352bd25e119d93a85332772d4275f216 | Triage

Sharing

General

Target

61970452081816271072dd600d435d6e352bd25e119d93a85332772d4275f216
Size

655KB
Sample

220724-vcmcvabda5
MD5

b1dec78a1ea2ac66cdc5b14f1b628fa1
SHA1

2a9506c5c02a2ab8e3d31d5059e8299b25eb5cc0
SHA256

61970452081816271072dd600d435d6e352bd25e119d93a85332772d4275f216
SHA512

d3283b7e506ba64dba74bad43a0428f2aa77a33b44d09e1b9f33ac5f9963874c30aedadac56b91a3e1b607c0a3ed44994e00c916814cedf125b95ae3431bd0c0

Score

10^/10

gozi_rm3 201910081 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Attributes

build
300787

Extracted

Family

gozi_rm3

Botnet

201910081

C2

https://kenneyai.xyz

Attributes

build
300787
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  61970452081816271072dd600d435d6e352bd25e119d93a85332772d4275f216
- Size
  
  655KB
- MD5
  
  b1dec78a1ea2ac66cdc5b14f1b628fa1
- SHA1
  
  2a9506c5c02a2ab8e3d31d5059e8299b25eb5cc0
- SHA256
  
  61970452081816271072dd600d435d6e352bd25e119d93a85332772d4275f216
- SHA512
  
  d3283b7e506ba64dba74bad43a0428f2aa77a33b44d09e1b9f33ac5f9963874c30aedadac56b91a3e1b607c0a3ed44994e00c916814cedf125b95ae3431bd0c0
Score

10^/10

gozi_rm3 201910081 banker trojan
- Gozi RM3
  A heavily modified version of Gozi using RM3 loader.
  banker trojan gozi_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_rm3201910081bankertrojan

behavioral2

gozi_rm3201910081bankertrojan