General

  • Target

    05fba7326df1956a24bf1ab30e656201fdea9f05465ec5777bd9a815a6f6c1d9

  • Size

    150KB

  • Sample

    220212-mxxqbabde8

  • MD5

    b3bde2328a2a7e9642ba2b223c06336c

  • SHA1

    a9dab987c14d05b4234e1ad5f02ba443296cb5ea

  • SHA256

    05fba7326df1956a24bf1ab30e656201fdea9f05465ec5777bd9a815a6f6c1d9

  • SHA512

    25f8cc9ac10147c59fc13b648d7c2b0e411da2db080fef275ad04450e13b9a0cdc306c91e6a43ef4f6e9b3e7abcc74bb058474f3f498815c9114ee740022df61

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks