gozi | d347566306ea445034affa3d94a3a92f4fe12b70f4b8569627286cdea735be33 | Triage

Sharing

General

Target

d347566306ea445034affa3d94a3a92f4fe12b70f4b8569627286cdea735be33
Size

3.5MB
Sample

240224-aw7snsda98
MD5

1634f8129e24c1a3767c53fa703e4dc2
SHA1

92bd9665624beea61551b6b0bd00341defba44c9
SHA256

d347566306ea445034affa3d94a3a92f4fe12b70f4b8569627286cdea735be33
SHA512

7eb4a0fd5ca852821fbe4224030dec585066c4765b129a0cf4ed1d1a9bb34fac9b05fdec4fd1b2298afcda9b854222a2b17f5093c3ea0174bef837c990a741e6
SSDEEP

98304:oEjlmQbfgSgwvSnN4iVJur0xM/licQBq2:oEjgQPXq0/xQBq2

Score

10^/10

gozi bootkit isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  d347566306ea445034affa3d94a3a92f4fe12b70f4b8569627286cdea735be33
- Size
  
  3.5MB
- MD5
  
  1634f8129e24c1a3767c53fa703e4dc2
- SHA1
  
  92bd9665624beea61551b6b0bd00341defba44c9
- SHA256
  
  d347566306ea445034affa3d94a3a92f4fe12b70f4b8569627286cdea735be33
- SHA512
  
  7eb4a0fd5ca852821fbe4224030dec585066c4765b129a0cf4ed1d1a9bb34fac9b05fdec4fd1b2298afcda9b854222a2b17f5093c3ea0174bef837c990a741e6
- SSDEEP
  
  98304:oEjlmQbfgSgwvSnN4iVJur0xM/licQBq2:oEjgQPXq0/xQBq2
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence