General

  • Target: 016ad222369dd44a3ec87c04ec05b55a3d666f494aeae53a5d6cd48c7e7c15ba
  • Size: 79KB
  • Sample: 220212-pndxysccc9
  • MD5: ca1bfb44e9364798e5f1a9aa28be6010
  • SHA1: 15b6d994949ca6a24cefe27a86ffbed3126a9aae
  • SHA256: 016ad222369dd44a3ec87c04ec05b55a3d666f494aeae53a5d6cd48c7e7c15ba
  • SHA512: 52357b46f111bbb08a3456a45ee2f3ccd43bdc8c887a6d55e39e58a957ae24c505f22a2873927ef41a3e038fd43c8710e7c0b3d2e8498255fb44afeaacd76ed2

Malware Config

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula Payload
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks