General
-
Target
BHome.exe
-
Size
18.8MB
-
Sample
231022-p3zg7sab68
-
MD5
57602de14c4fe21a8a41b248eb1aacca
-
SHA1
745e046d2bfc1339ef2394252f8cf9b4bf635138
-
SHA256
ae53fdca2fd489fbfd1f2548ef0522d8099e66a6bd97f57a288b5e10f69af2ee
-
SHA512
0502000c18d2ba9d944e1a40c2e6e3167f3682b5d1ab28f784e827af9f045a180c29f1669c0647118323dd2c1a6084051bfc5f9bb536dec74262be00b4c3a168
-
SSDEEP
393216:XpwUHXphPX/Nag1pMzxrFGZlYTR2tZK7E0kWQl8IbkyY:ZwGhPXlvyzlFsjtZf0kdlBAV
Malware Config
Targets
-
-
Target
BHome.exe
-
Size
18.8MB
-
MD5
57602de14c4fe21a8a41b248eb1aacca
-
SHA1
745e046d2bfc1339ef2394252f8cf9b4bf635138
-
SHA256
ae53fdca2fd489fbfd1f2548ef0522d8099e66a6bd97f57a288b5e10f69af2ee
-
SHA512
0502000c18d2ba9d944e1a40c2e6e3167f3682b5d1ab28f784e827af9f045a180c29f1669c0647118323dd2c1a6084051bfc5f9bb536dec74262be00b4c3a168
-
SSDEEP
393216:XpwUHXphPX/Nag1pMzxrFGZlYTR2tZK7E0kWQl8IbkyY:ZwGhPXlvyzlFsjtZf0kdlBAV
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Sets service image path in registry
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3Browser Extensions
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
3