gozi | 915b0e6e8eb5733222414a3b6eed165430e9599f500121b18f3e6602fed1c3b1 | Triage

Sharing

General

Target

915b0e6e8eb5733222414a3b6eed165430e9599f500121b18f3e6602fed1c3b1
Size

3.8MB
Sample

230901-svp6cafd9y
MD5

f5cde4101fa24c2b651b197018e08a6e
SHA1

01b6cd7449c06e567d13e329e10785c2cc886880
SHA256

915b0e6e8eb5733222414a3b6eed165430e9599f500121b18f3e6602fed1c3b1
SHA512

2c5626471c7c4cb11ce191768302d335dca452205530774d161ce46fad38586cdeef7bb1684f5fa82bda95a40308c84518f1f9ecf1c72de4e96c933a2c19e4ae
SSDEEP

98304:nmXe6ygXLTjUy7nuaHr3dWa31XRbM5ZBYojqWv:nmuM3j17Jhsvjq0

Score

10^/10

gozi bootkit isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  915b0e6e8eb5733222414a3b6eed165430e9599f500121b18f3e6602fed1c3b1
- Size
  
  3.8MB
- MD5
  
  f5cde4101fa24c2b651b197018e08a6e
- SHA1
  
  01b6cd7449c06e567d13e329e10785c2cc886880
- SHA256
  
  915b0e6e8eb5733222414a3b6eed165430e9599f500121b18f3e6602fed1c3b1
- SHA512
  
  2c5626471c7c4cb11ce191768302d335dca452205530774d161ce46fad38586cdeef7bb1684f5fa82bda95a40308c84518f1f9ecf1c72de4e96c933a2c19e4ae
- SSDEEP
  
  98304:nmXe6ygXLTjUy7nuaHr3dWa31XRbM5ZBYojqWv:nmuM3j17Jhsvjq0
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence