General
-
Target
5695f47c4d45a9b732c0eeaa9386a3d033bb62625732af61be06c0f1d6f6b5c0
-
Size
3.4MB
-
Sample
240515-cqbt6ach97
-
MD5
05deccf818c5c78de3b3d01174bd8b4c
-
SHA1
6f267635d2a5e02912b1af9716ca6941115a8d83
-
SHA256
5695f47c4d45a9b732c0eeaa9386a3d033bb62625732af61be06c0f1d6f6b5c0
-
SHA512
c41c8c1fb376e54239b1801d1435e48df082f23a33090bc7bb2429c1cc374848243f0d53163784a0e8acbaa63e42d75d73397306d00bff1eea80580b0655f23e
-
SSDEEP
49152:mEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWE:mEjlmQbfgSgwvSnN4iVJuR0xSVhkMPqj
Behavioral task
behavioral1
Sample
5695f47c4d45a9b732c0eeaa9386a3d033bb62625732af61be06c0f1d6f6b5c0.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5695f47c4d45a9b732c0eeaa9386a3d033bb62625732af61be06c0f1d6f6b5c0.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
gozi
Targets
-
Score
7/10
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-