General

  • Target

    7b425ba154e29a76a235369f8e1b70f33f5d48f317e9c53b743cbfe5e1858a6f

  • Size

    3.5MB

  • Sample

    240524-d4sv9sbe4x

  • MD5

    04fd12b4e1e493fe61d639cda9620e5b

  • SHA1

    729a6e31398ea7eb8b6ed1a881c7667425a6e18d

  • SHA256

    7b425ba154e29a76a235369f8e1b70f33f5d48f317e9c53b743cbfe5e1858a6f

  • SHA512

    2443cca3bfc1cdb4f24a253d1cde8f3443bf743c921e19bfa57ec283e94381530631297b36fcf197af4e9bfbfee4e8f9ef789d29b2011bfdf3a5c66915e59096

  • SSDEEP

    49152:NEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWn:NEjlmQbfgSgwvSnN4iVJuF0xfreseqc
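Before acting on a report, confirm that the file you actually have is the sample it describes. The following is an added example (not part of the sandbox report) that reads a local file once, computes MD5, SHA1, SHA256 and SHA512 in a single streaming pass, and lists every digest that disagrees with the values above. The SSDEEP value is left out because it needs the separate ssdeep extension; the `REPORTED` table is copied from this page, and the file path is whatever you pass on the command line.

```python
import hashlib
import sys
from typing import Dict, Iterable, Iterator, List

# Digest values copied verbatim from the report above, keyed by hashlib algorithm name.
REPORTED: Dict[str, str] = {
    "md5": "04fd12b4e1e493fe61d639cda9620e5b",
    "sha1": "729a6e31398ea7eb8b6ed1a881c7667425a6e18d",
    "sha256": "7b425ba154e29a76a235369f8e1b70f33f5d48f317e9c53b743cbfe5e1858a6f",
    "sha512": (
        "2443cca3bfc1cdb4f24a253d1cde8f3443bf743c921e19bfa57ec283e9438153"
        "0631297b36fcf197af4e9bfbfee4e8f9ef789d29b2011bfdf3a5c66915e59096"
    ),
}


def read_chunks(path: str, size: int = 1 << 20) -> Iterator[bytes]:
    """Yield the file in 1 MiB pieces so a multi-MB sample never sits fully in memory."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(size)
            if not chunk:
                return
            yield chunk


def multi_digest(chunks: Iterable[bytes],
                 algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Feed every chunk to all hashers at once: one read of the file, four digests out."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(observed: Dict[str, str],
                      reported: Dict[str, str] = REPORTED) -> List[str]:
    """Return the algorithm names whose digest differs from the report (hex, case-insensitive).

    An empty list means the local file is byte-for-byte the reported sample; a partial
    mismatch (only some digests differ) points at a copy/paste error in the expected
    values rather than a different file, since all four cover the same bytes.
    """
    return [
        name for name, expected in reported.items()
        if observed.get(name, "").lower() != expected.lower()
    ]


if __name__ == "__main__":
    sample_path = sys.argv[1]          # path to the downloaded sample (assumed argument)
    observed = multi_digest(read_chunks(sample_path))
    mismatched = compare_to_report(observed)
    for name, value in observed.items():
        flag = "MISMATCH" if name in mismatched else "ok"
        print(f"{name:7} {value}  {flag}")
    sys.exit(1 if mismatched else 0)
```

Run it as `python verify_hashes.py path/to/sample.bin`; a non-zero exit means at least one digest disagreed, which is the signal to stop and re-fetch the file rather than continue analysis on the wrong binary.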

Malware Config

Extracted

Family

gozi

Targets

    • Target

      7b425ba154e29a76a235369f8e1b70f33f5d48f317e9c53b743cbfe5e1858a6f

    • Size

      3.5MB

    • MD5

      04fd12b4e1e493fe61d639cda9620e5b

    • SHA1

      729a6e31398ea7eb8b6ed1a881c7667425a6e18d

    • SHA256

      7b425ba154e29a76a235369f8e1b70f33f5d48f317e9c53b743cbfe5e1858a6f

    • SHA512

      2443cca3bfc1cdb4f24a253d1cde8f3443bf743c921e19bfa57ec283e94381530631297b36fcf197af4e9bfbfee4e8f9ef789d29b2011bfdf3a5c66915e59096

    • SSDEEP

      49152:NEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWn:NEjlmQbfgSgwvSnN4iVJuF0xfreseqc

    Score
    7/10
    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Treat this indicator as a lead rather than proof of a bootkit: confirm it by comparing the first sector of the analysis disk (boot code, disk signature and partition table) before and after execution, since only a change to the boot code itself shows that the sample installed something that runs before the OS.
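The check described above, as an added example that is not part of the sandbox report: parse a 512-byte MBR into its boot code, disk signature, partition table and 0x55AA signature, then diff a pre-execution capture against a post-execution one. The sector layout (440 bytes of boot code, a 4-byte disk signature at offset 440, four 16-byte partition entries from offset 446, the boot signature at 510) is the standard MBR format; `build_sample_mbr` fabricates test sectors so the script runs offline, and the device path in `read_first_sector` is an assumption you replace with your own image or drive.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: the code the BIOS jumps into
DISK_SIG_OFFSET = 440          # 4-byte little-endian Windows disk signature
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
PART_ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector: bytes) -> Dict:
    """Break one MBR sector into the fields worth diffing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions: List[Dict] = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:                       # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "valid_boot_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def diff_mbr(before: bytes, after: bytes) -> List[str]:
    """Return human-readable findings; an empty list means the sector is unchanged."""
    a, b = parse_mbr(before), parse_mbr(after)
    findings: List[str] = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code modified")          # the bootkit case
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature changed")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table changed")
    if not b["valid_boot_signature"]:
        findings.append("0x55AA boot signature missing after execution")
    return findings


def read_first_sector(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw device or disk image (needs admin/root on a live disk).
    The default device path is an assumption; pass a captured .img for offline work."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: caller's boot code, one active NTFS (0x07) partition at LBA 2048."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDEADBEEF)
    struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET,
                     0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Constructed before/after pair: same partition table, different boot code.
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
    tampered = build_sample_mbr(b"\xeb\x58\x90\x00\x00\x00\x00\x00")
    print("clean vs clean:   ", diff_mbr(clean, clean))
    print("clean vs tampered:", diff_mbr(clean, tampered))
```

For a real run, snapshot the first sector of the analysis VM's disk before detonation (e.g. from the hypervisor's disk image), read it again afterwards, and feed both to `diff_mbr`; a result containing "boot code modified" is the finding that justifies the bootkit label, whereas an empty list with the sandbox flag still raised means the sample opened the disk for writing but did not change sector 0.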

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Defense Evasion

  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1

Tasks