General
-
Target
a059a7c3bc9df0abd41b5ee21531de2fa666db3f5ee91deef943f81a29ce92d1
-
Size
3.4MB
-
Sample
240223-yc9d6agf2y
-
MD5
3af018c9da29b7b3b1f4b56bbe638738
-
SHA1
736c50c6cb6ab289d7e7b35e3afa57a3a6dbe57f
-
SHA256
a059a7c3bc9df0abd41b5ee21531de2fa666db3f5ee91deef943f81a29ce92d1
-
SHA512
61ad0a994ad25e1a0fe31f2e2e4d6ddd7b4f8c01935851fc352b874c08734c0f303f26a9430de06f5340c943169dcfc0ab9134f3476c76f535376d11bb442076
-
SSDEEP
49152:qEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWd:qEjlmQbfgSgwvSnN4iVJuS0xJdzYUqk
Malware Config
Extracted
gozi
Targets
-
-
Target
a059a7c3bc9df0abd41b5ee21531de2fa666db3f5ee91deef943f81a29ce92d1
-
Size
3.4MB
-
MD5
3af018c9da29b7b3b1f4b56bbe638738
-
SHA1
736c50c6cb6ab289d7e7b35e3afa57a3a6dbe57f
-
SHA256
a059a7c3bc9df0abd41b5ee21531de2fa666db3f5ee91deef943f81a29ce92d1
-
SHA512
61ad0a994ad25e1a0fe31f2e2e4d6ddd7b4f8c01935851fc352b874c08734c0f303f26a9430de06f5340c943169dcfc0ab9134f3476c76f535376d11bb442076
-
SSDEEP
49152:qEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWd:qEjlmQbfgSgwvSnN4iVJuS0xJdzYUqk
Score7/10-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-