General
Target: SetupB.exe
Size: 106.9MB
Sample: 240830-mzd1zszgla
MD5: 6d08b29380479ae826891008d02b7d6d
SHA1: 43018daa3d82044ccf9e08359d4314d20feb6627
SHA256: ea64ee243fbb2cff3e78d8f7a929fe2ff65727e715efe1722a5907373ca85778
SHA512: f70b6ad7cce6754a7eb02068c253dd4239cfdd210f050204c956750d5eb91bfa19981cd330d0b80b12eab5f892dd97e4be1f9b823669711a5fa66f365fafec23
SSDEEP: 3145728:uTP2DNQVoyPisEWE0RA7pJuKYVGd3aJYlKBJC:y2wiDWE01XGpOYlYJC
Static task: static1
Behavioral task: behavioral1
Sample: SetupB.exe
Resource: win11-20240802-en
Malware Config
Targets
Target: SetupB.exe (same file and hashes as listed under General)
- Sakula payload
- Drops file in Drivers directory
- Sets service image path in registry
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (2)
  - Change Default File Association (1)
  - Component Object Model Hijacking (1)