General

  • Target

    54ba260ec3e0477b1b7c83bf5a4c1cdc561e5b0b53b33fb472df7b6458933b7b

  • Size

    3.4MB

  • Sample

    240524-ffhrhaea2s

  • MD5

    09bc353c0cee48f379129b6730ef9522

  • SHA1

    454aa2bc762886e101a3e780ed5a8e2bfacee9ac

  • SHA256

    54ba260ec3e0477b1b7c83bf5a4c1cdc561e5b0b53b33fb472df7b6458933b7b

  • SHA512

    fead684a4a0763c221bb797a060004f0702c0fb1590e050a4f258b9e9c314e3047c2ab3b44f2980dc6738d459e90076d4b8b8e5d6cc72ac89fddf21bf16e43cb

  • SSDEEP

    49152:UEjEamQb2OguN8Dfk5JEG14wv2QwnN4iTapOcaPKfjtD8cEOxeuxzS2hPV5T1gWc:UEjlmQbfgSgwvSnN4iVJuS0xJdzYUql

Malware Config

Extracted

Family

gozi

Targets

    Score
    7/10
    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1

Defense Evasion

  • Pre-OS Boot (T1542): 1
      • Bootkit (T1542.003): 1

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1