gozi | ff717e1878c20d1c2a920f80bac4bc7588f72c0b259bca3b4b212502e673b153 | Triage

Sharing

General

Target

ff717e1878c20d1c2a920f80bac4bc7588f72c0b259bca3b4b212502e673b153
Size

3.5MB
Sample

240224-a2j9kadc25
MD5

07d25aeebb7fc869d5cd8419550e2073
SHA1

5289662d159711962da7452dc412f41f3df9b089
SHA256

ff717e1878c20d1c2a920f80bac4bc7588f72c0b259bca3b4b212502e673b153
SHA512

dd5c9fb578b943113799f7d82c801b160e4ca2070a95a856911669cf077234a1c97fb12c3300c60715c08116edf1663eccb9442516d9444bb1eff37706ecaaa6
SSDEEP

98304:AEjlmQbfgSgwvSnN4iVJur0xM/licQBqn:AEjgQPXq0/xQBqn

Score

10^/10

gozi bootkit isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  ff717e1878c20d1c2a920f80bac4bc7588f72c0b259bca3b4b212502e673b153
- Size
  
  3.5MB
- MD5
  
  07d25aeebb7fc869d5cd8419550e2073
- SHA1
  
  5289662d159711962da7452dc412f41f3df9b089
- SHA256
  
  ff717e1878c20d1c2a920f80bac4bc7588f72c0b259bca3b4b212502e673b153
- SHA512
  
  dd5c9fb578b943113799f7d82c801b160e4ca2070a95a856911669cf077234a1c97fb12c3300c60715c08116edf1663eccb9442516d9444bb1eff37706ecaaa6
- SSDEEP
  
  98304:AEjlmQbfgSgwvSnN4iVJur0xM/licQBqn:AEjgQPXq0/xQBqn
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence