Overview

overview

10

Static

static

10

04732128b7...64.exe

windows7-x64

7

04732128b7...64.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04732128b7057cc1c8f8ae18b36fedd62d91f015bb5c73ec6020507d467a1c64

  • Size

    3.5MB

  • Sample

    240523-2nlzsabh65

  • MD5

    02b57782159b39cbdcea2f6236ca60d2

  • SHA1

    910ed6cd32b9fa278eff0db51f41658a82bb7336

  • SHA256

    04732128b7057cc1c8f8ae18b36fedd62d91f015bb5c73ec6020507d467a1c64

  • SHA512

    8498e564fd11c0d7b7742ab44294dd813ff2f3a70982223d4785736d027562d846487a5737afd7e61856c734b86640eaae76b5693c88ab5015b07c7d0ba83197

  • SSDEEP

    49152:CEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWy:CEjlmQbfgSgwvSnN4iVJuF0xfreseq9

Score
10/10
gozibootkitisfbpersistence

Malware Config

Extracted

Family

gozi

Targets

    • Target

      04732128b7057cc1c8f8ae18b36fedd62d91f015bb5c73ec6020507d467a1c64

    • Size

      3.5MB

    • MD5

      02b57782159b39cbdcea2f6236ca60d2

    • SHA1

      910ed6cd32b9fa278eff0db51f41658a82bb7336

    • SHA256

      04732128b7057cc1c8f8ae18b36fedd62d91f015bb5c73ec6020507d467a1c64

    • SHA512

      8498e564fd11c0d7b7742ab44294dd813ff2f3a70982223d4785736d027562d846487a5737afd7e61856c734b86640eaae76b5693c88ab5015b07c7d0ba83197

    • SSDEEP

      49152:CEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWy:CEjlmQbfgSgwvSnN4iVJuF0xfreseq9

    Score
    7/10
    bootkitpersistence

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks