gozi | dd26733ff65004d497c42ab8f868c9ead2ecd5e0ec5030fe5cbf5a4dbf117faa | Triage

Sharing

General

Target

dd26733ff65004d497c42ab8f868c9ead2ecd5e0ec5030fe5cbf5a4dbf117faa
Size

3.4MB
Sample

240511-dsx1vadb28
MD5

2fa9e98586d389c987f558fa51652b4e
SHA1

1d837677d13de91098b8d960589ae7d88a6e89b0
SHA256

dd26733ff65004d497c42ab8f868c9ead2ecd5e0ec5030fe5cbf5a4dbf117faa
SHA512

fc752e7f4e37ee66ed62b4713ca15ae7730d08d90c423c4c9170f6f953f23d77d72bcb29e3d397a28379c0deeb0046495be759599a06b8561c9c68a1a43ab0cc
SSDEEP

49152:DEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWD:DEjlmQbfgSgwvSnN4iVJuS0xJdzYUqa

Score

10^/10

gozi bootkit isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  dd26733ff65004d497c42ab8f868c9ead2ecd5e0ec5030fe5cbf5a4dbf117faa
- Size
  
  3.4MB
- MD5
  
  2fa9e98586d389c987f558fa51652b4e
- SHA1
  
  1d837677d13de91098b8d960589ae7d88a6e89b0
- SHA256
  
  dd26733ff65004d497c42ab8f868c9ead2ecd5e0ec5030fe5cbf5a4dbf117faa
- SHA512
  
  fc752e7f4e37ee66ed62b4713ca15ae7730d08d90c423c4c9170f6f953f23d77d72bcb29e3d397a28379c0deeb0046495be759599a06b8561c9c68a1a43ab0cc
- SSDEEP
  
  49152:DEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWD:DEjlmQbfgSgwvSnN4iVJuS0xJdzYUqa
Score

7^/10

bootkit persistence
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence