General

  • Target

    BHome.exe

  • Size

    21.4MB

  • Sample

    240830-nsmvzssbma

  • MD5

    0c6978591a5f3cda55f0da83febbd2f4

  • SHA1

    55c8874f825c010abcd5951683038aee1110ba18

  • SHA256

    e9dc773fe8246ace37a19aad94ad019eaae4c026ab4b30d01d135762a1f891b7

  • SHA512

    74b8be13cf24485b7b5a25a49fd322d7906c15408ad13b4253b4dfbbe1218fdff20052d89089bfa3663fb067a402d16b4ec3ba521678da8de64c5da55be248bd

  • SSDEEP

    393216:UzlREqNYxoTvYb7VCAeXjE5g+W33hM2qAxJZApoZ5xzT+2Q35DvP/hdo:k/EqmCYbFeXY5g+GM2qARAkxHhQpTP/w

Malware Config

Targets

    • Target

      BHome.exe

    • Size

      21.4MB

    • MD5

      0c6978591a5f3cda55f0da83febbd2f4

    • SHA1

      55c8874f825c010abcd5951683038aee1110ba18

    • SHA256

      e9dc773fe8246ace37a19aad94ad019eaae4c026ab4b30d01d135762a1f891b7

    • SHA512

      74b8be13cf24485b7b5a25a49fd322d7906c15408ad13b4253b4dfbbe1218fdff20052d89089bfa3663fb067a402d16b4ec3ba521678da8de64c5da55be248bd

    • SSDEEP

      393216:UzlREqNYxoTvYb7VCAeXjE5g+W33hM2qAxJZApoZ5xzT+2Q35DvP/hdo:k/EqmCYbFeXY5g+GM2qARAkxHhQpTP/w

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Sets service image path in registry

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks