General

  • Target

    002ccb89b14bb58e0723bca564b50a9155283c8dc90997513ae7ddf38520ab64

  • Size

    58KB

  • Sample

    220212-p3gmdsecbm

  • MD5

    a3d0351190a245fb4f8771af80de5340

  • SHA1

    b1daa6a37d225037b034df9bea811bbec7dd5bbf

  • SHA256

    002ccb89b14bb58e0723bca564b50a9155283c8dc90997513ae7ddf38520ab64

  • SHA512

    f53382cc3dfba3bc0ecfb1113607b69ace469c2d93a9615505ef44bc69c0810e2a5bed4db79005601e2b3163d34d3b242b67871b3ed150737f0058a10a11ff79

Malware Config

Targets

    • Target

      002ccb89b14bb58e0723bca564b50a9155283c8dc90997513ae7ddf38520ab64

    • Size

      58KB

    • MD5

      a3d0351190a245fb4f8771af80de5340

    • SHA1

      b1daa6a37d225037b034df9bea811bbec7dd5bbf

    • SHA256

      002ccb89b14bb58e0723bca564b50a9155283c8dc90997513ae7ddf38520ab64

    • SHA512

      f53382cc3dfba3bc0ecfb1113607b69ace469c2d93a9615505ef44bc69c0810e2a5bed4db79005601e2b3163d34d3b242b67871b3ed150737f0058a10a11ff79

    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
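
The signatures above are the sandbox's summary of what the sample did; the routine below is an added example (not part of this report, and not code from the Sakula sample or the sandbox) showing how the same behaviours can be derived from an API trace by correlating events per process chain. The trace lines, PIDs, file paths and process names are constructed for illustration, and the registry locations checked (the GeoID under HKCU\Control Panel\International\Geo\Nation and the CurrentVersion\Run keys) are assumptions about where a location check and a Run-key persistence write would show up; the page does not give the sample's real paths.

```python
"""Added example, not part of the sandbox report or the Sakula sample itself:
turn a constructed API trace into the behaviour signatures listed above
(executes dropped EXE, checks computer location, deletes itself, loads
dropped DLL, adds Run key) by correlating events across a process chain."""
import re
from collections import defaultdict

# Assumed registry locations: Windows keeps the user's "Country or region"
# GeoID under HKCU\Control Panel\International\Geo\Nation; the Run keys are
# the standard per-user / per-machine autostart locations.
GEO_VALUE_SUFFIXES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\locale",
)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I
)

# Constructed trace (pipe-separated key=value fields); PIDs and paths are made up.
SAMPLE_TRACE = r"""
pid=2104|image=C:\Users\victim\Desktop\sample.exe|api=RegQueryValueExW|key=HKCU\Control Panel\International\Geo\Nation
pid=2104|image=C:\Users\victim\Desktop\sample.exe|api=CreateFileW|path=C:\ProgramData\svchost.exe
pid=2104|image=C:\Users\victim\Desktop\sample.exe|api=CreateFileW|path=C:\ProgramData\helper.dll
pid=2104|image=C:\Users\victim\Desktop\sample.exe|api=CreateProcessW|path=C:\ProgramData\svchost.exe|child=2320
pid=2320|image=C:\ProgramData\svchost.exe|api=LoadLibraryW|path=C:\ProgramData\helper.dll
pid=2320|image=C:\ProgramData\svchost.exe|api=RegSetValueExW|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|data=C:\ProgramData\svchost.exe
pid=2104|image=C:\Users\victim\Desktop\sample.exe|api=DeleteFileW|path=C:\Users\victim\Desktop\sample.exe
pid=3000|image=C:\Windows\explorer.exe|api=RegQueryValueExW|key=HKCU\Control Panel\International\Geo\Nation
"""


def parse_trace(text):
    """Parse each non-empty line into a dict; 'pid' and 'child' become ints."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(field.split("=", 1) for field in line.split("|"))
        ev["pid"] = int(ev["pid"])
        if "child" in ev:
            ev["child"] = int(ev["child"])
        events.append(ev)
    return events


def root_of(pid, parent):
    """Walk CreateProcess links back to the process that started the chain."""
    while pid in parent:
        pid = parent[pid]
    return pid


def analyze(text):
    """Return {root image: sorted behaviour names} for every process chain."""
    events = parse_trace(text)
    parent, image = {}, {}
    for ev in events:
        image.setdefault(ev["pid"], ev["image"])
        if ev["api"].startswith("CreateProcess"):
            parent[ev["child"]] = ev["pid"]
    # Files written by any process in a chain count as "dropped" for that chain,
    # so a child executing or loading them is attributed to the original sample.
    dropped = defaultdict(set)
    for ev in events:
        if ev["api"].startswith("CreateFile"):
            dropped[root_of(ev["pid"], parent)].add(ev["path"].lower())
    findings = defaultdict(set)
    for ev in events:
        root = root_of(ev["pid"], parent)
        api = ev["api"]
        key, path = ev.get("key", "").lower(), ev.get("path", "").lower()
        if api.startswith("RegQueryValueEx") and key.endswith(GEO_VALUE_SUFFIXES):
            findings[root].add("checks_computer_location")
        elif api.startswith("RegSetValueEx") and RUN_KEY_RE.search(key):
            findings[root].add("adds_run_key")
        elif api.startswith("DeleteFile") and path == ev["image"].lower():
            findings[root].add("deletes_itself")
        elif api.startswith("CreateProcess") and path in dropped[root]:
            findings[root].add("executes_dropped_exe")
        elif api.startswith("LoadLibrary") and path in dropped[root]:
            findings[root].add("loads_dropped_dll")
    return {image[r]: sorted(b) for r, b in findings.items()}


def is_suspicious(behaviours):
    """A location lookup on its own is benign (explorer.exe does it too); flag
    it only when the same chain also persists, drops a payload or removes itself."""
    b = set(behaviours)
    return "checks_computer_location" in b and bool(
        b & {"adds_run_key", "executes_dropped_exe", "deletes_itself"}
    )


if __name__ == "__main__":
    for img, found in analyze(SAMPLE_TRACE).items():
        print(f"{img}: {found} suspicious={is_suspicious(found)}")
```

The point of the chain-level attribution is the "executes dropped EXE" and "loads dropped DLL" signatures: the Run-key write and the DLL load happen in the child process, so a per-PID view would split the evidence and neither process alone would look like much. The explorer.exe line is there to show why the location check is only an indicator, not a verdict, until it is combined with persistence or self-deletion.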

MITRE ATT&CK Enterprise v6

Tasks