General

  • Target

    zipbomb-20210121.zip

  • Size

    17KB

  • Sample

    240428-cfgbwsdg35

  • MD5

    4320c08f84b679e7ccd881ff4344da39

  • SHA1

    c0533e3d39c3409bf719dc21e585b63909c85b6e

  • SHA256

    50243fafe7407d88f08493ca53d61bd56504bf88fc35eabee2e7a391e08330ae

  • SHA512

    922af6b4dc627ef631675f3785364872bfb2ad923a75affd575c0b31c1ff75ad15a24b1090d5722aac82840c1359ba50c09c02c9dbe835a6ad97ce8cd6e713af

  • SSDEEP

    384:hJqkayeWAs3H3iR6NWrsp26OXmNiGHwr/2aicbCWffO:hJqxWAsniR6NndNiQnYfO

Malware Config

Targets

    • Target

      zipbomb-20210121/ratio

    • Size

      477B

    • MD5

      6be36ebf199052e55a4c7200e74f6da0

    • SHA1

      6452d368ec943a2a6c5fdd3fc9bdbf8c30b4fe33

    • SHA256

      0e05aaf43dd40aae943428b4a0684c389c468dfaa9e66af89374e47a037d4841

    • SHA512

      919b44596f943522aa0e930b0e71fd23004866a50874da701b577af7e4888323e7d0d07557a034fc85c33dd5541e28aaf54d52500d42dcc1de8993f9f4b16248

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Modifies visibility of file extensions in Explorer

    • Modifies Installed Components in the registry

    • Drops startup file

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Target

      zipbomb-20210121/zipbomb

    • Size

      34KB

    • MD5

      5a4c839be1a6e0a72395de3a0d4eeebc

    • SHA1

      593e85312eb1f681ebdd8d88c9bd9ba93a4c418e

    • SHA256

      e12ea83f8be28647b25085c30f696dc876ed225f41eb6ef24c6b2433177095c5

    • SHA512

      5e7036fda9b65d3499480fe489479f7396e426360f3bbadd016729c484727136bbd85ce13a2f77882b1e081426701cfe4d094faea627bafc5733b984f52faecf

    • SSDEEP

      768:s2EwFQbROaoQh9O8T75fMbqpGEWm6i2KYmWJ4F7Sws:s2TFcGDU75fMGysgmWKM

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            Count  ID
  --------------------  -----------------------------------  -----  ---------
  Persistence           Boot or Logon Autostart Execution    1      T1547
  Persistence           Registry Run Keys / Startup Folder   1      T1547.001
  Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
  Privilege Escalation  Registry Run Keys / Startup Folder   1      T1547.001
  Defense Evasion       Hide Artifacts                       1      T1564
  Defense Evasion       Hidden Files and Directories         1      T1564.001
  Defense Evasion       Modify Registry                      6      T1112
  Discovery             Query Registry                       4      T1012
  Discovery             Peripheral Device Discovery          1      T1120
  Discovery             System Information Discovery         3      T1082
  Impact                Defacement                           1      T1491

Tasks