General

  • Target

    810a7a2bb19b7be9fadd7beb2818820f910e347ccf62e62ebea6a53d777e4439

  • Size

    98KB

  • Sample

    221017-ksmy7sbbf5

  • MD5

    0d2af9275f5f54e66252073ef1c029fb

  • SHA1

    930bb4bc07c92f7798b49c68aea6796982fe2a6d

  • SHA256

    810a7a2bb19b7be9fadd7beb2818820f910e347ccf62e62ebea6a53d777e4439

  • SHA512

    1bd9eaf67eccbda0fa55c5064825bc8fbbed61db250ef314329bd08322263f331745e05e89e442abbff908dc8d8cfa4a8ecc925572b057ae5901a1aa59570401

  • SSDEEP

    1536:XQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrduxzub:429DkEGRQixVSjLaes5G30B+E

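The SSDEEP value above is a context-triggered piecewise hash of the form `blocksize:chunk1:chunk2`, where chunk2 is computed at twice the block size so that signatures of files that differ in size by up to a factor of two can still be scored. The following is an added example, not part of the sandbox report: it parses that signature, checks that the block size 1536 is consistent with the reported size (the page gives only "98KB", so the size is taken as 98,000 decimal bytes, an assumption), and reimplements the reference ssdeep comparison scoring (insert/delete cost 1, substitution cost 2, a shared 7-character substring required before two chunks are scored) so another sample's signature can be scored against this one. The variant signature used at the bottom is constructed for illustration.

```python
"""Parse, sanity-check and compare ssdeep signatures.

Added example for this report; the scoring is a reimplementation of the
reference fuzzy_compare() as the author of this example understands it and
is not code from the sandbox or from the ssdeep project.
"""
import re

SPAMSUM_LENGTH = 64   # maximum chunk length; ssdeep sizes the block so ~64 pieces result
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # two chunks must share a 7-character substring to score at all

# Signature copied from the report's General section.
REPORT_SSDEEP = ("1536:XQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrduxzub:"
                 "429DkEGRQixVSjLaes5G30B+E")
REPORT_SIZE = 98_000  # "98KB" read as decimal kilobytes; exact byte count is not on the page


def parse_ssdeep(sig):
    """Split 'blocksize:chunk1:chunk2[,filename]' into (int, str, str)."""
    body = sig.split(",", 1)[0]
    m = re.fullmatch(r"(\d+):([^:]*):([^:]*)", body)
    if not m:
        raise ValueError("not an ssdeep signature: %r" % sig)
    return int(m.group(1)), m.group(2), m.group(3)


def initial_blocksize(filesize):
    """Block size ssdeep starts from: the smallest 3*2^n with blocksize*64 >= filesize."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < filesize:
        bs *= 2
    return bs


def blocksize_plausible(sig, filesize):
    """True if the signature's block size fits the file size.

    ssdeep halves the initial block size once when chunk1 comes out shorter
    than 32 characters, so either the initial value or half of it is legitimate.
    """
    bs = parse_ssdeep(sig)[0]
    init = initial_blocksize(filesize)
    return bs in (init, init // 2)


def _eliminate_sequences(s):
    """Collapse runs of more than 3 identical characters to 3, as ssdeep does."""
    return re.sub(r"(.)\1{3,}", lambda m: m.group(1) * 3, s)


def _has_common_substring(a, b):
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams
               for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    """Weighted Levenshtein distance: insert/delete cost 1, substitution cost 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                      # delete ca
                           cur[j - 1] + 1,                   # insert cb
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _score_strings(a, b, blocksize):
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 - (100 * score) // SPAMSUM_LENGTH
    # Small block sizes carry little information, so the score is capped for them.
    if blocksize < (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        score = min(score, blocksize // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score


def ssdeep_compare(sig1, sig2):
    """Similarity 0..100; 0 when the block sizes are not equal or a factor of two apart."""
    bs1, a1, a2 = parse_ssdeep(sig1)
    bs2, b1, b2 = parse_ssdeep(sig2)
    if bs1 != bs2 and bs1 != 2 * bs2 and bs2 != 2 * bs1:
        return 0
    a1, a2, b1, b2 = map(_eliminate_sequences, (a1, a2, b1, b2))
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1))
    if bs1 == 2 * bs2:
        return _score_strings(a1, b2, bs1)   # this file's chunk1 vs. the other's chunk2
    return _score_strings(a2, b1, bs2)       # this file's chunk2 vs. the other's chunk1


# Constructed variant: the middle of chunk1 and the tail of chunk2 rewritten,
# as a lightly modified build of the same binary might produce.
VARIANT_SSDEEP = ("1536:XQFl29mEkE0L1rDEKrxZKF2ABC/MwbxMX+ees52z30rtrduxzub:"
                  "429DkEGRQixVSjLXYZ")

if __name__ == "__main__":
    print("block size plausible for 98KB:", blocksize_plausible(REPORT_SSDEEP, REPORT_SIZE))
    print("self score:", ssdeep_compare(REPORT_SSDEEP, REPORT_SSDEEP))
    print("variant score:", ssdeep_compare(REPORT_SSDEEP, VARIANT_SSDEEP))
```

Two things worth knowing when you use scores like this for clustering: a chunk that is identical in both signatures yields 100 on its own, so a sample whose second chunk matches exactly scores 100 even if the first chunk was altered; and an unrelated signature with a compatible block size but no shared 7-character run scores 0 rather than something low, so 0 means "not comparable", not "measured as dissimilar".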
Malware Config

Targets

    • Target

      810a7a2bb19b7be9fadd7beb2818820f910e347ccf62e62ebea6a53d777e4439

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan with various capabilities.

    • Sakula payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the user's GeoID under HKCU\Control Panel\International\Geo), most likely as a geofence so the payload only runs in, or avoids, particular countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

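The two signatures that matter most for hunting are "Executes dropped EXE" followed by "Adds Run key to start application": a binary written to a user-writable directory registering itself for autostart. As an added example (not part of the report, and not a signature the sandbox itself uses), the following Python applies that check to Sysmon Event ID 13 (registry value set) records. The event lines are constructed to mimic Sysmon's field names; the hosts, paths and value names in them are hypothetical.

```python
"""Flag Run-key persistence (ATT&CK v6 T1060) in Sysmon registry-value-set events.

Added example for this report. The sample events below are constructed in a
"Field=value" layout resembling Sysmon Event ID 13; the paths are hypothetical.
"""
import re

# "Key=value" pairs where a value runs until the next " Key=" or end of line,
# so values containing spaces (e.g. "C:\Program Files\...") survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Run and RunOnce under HKLM or any HKU hive; group 2 is the value name.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\([^\\]+)$",
                        re.IGNORECASE)

# Directories a normal installer does not autostart from; all user-writable.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\downloads\\")

SAMPLE_EVENTS = [  # constructed, not real telemetry
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\update.exe "
    r"TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\alice\AppData\Local\Temp\update.exe",
    r"EventID=13 Image=C:\Program Files\Vendor\setup.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray "
    r'Details="C:\Program Files\Vendor\tray.exe" /silent',
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000001)",
]


def parse_event(line):
    """Turn one 'Field=value Field=value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def command_image(details):
    """Executable named by a Run value: the first token, quotes removed."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ", 1)[0]


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def scan_events(lines):
    """Return one finding per Run/RunOnce value written, rated high when either
    the autostarted binary or the process writing the value lives in a
    user-writable directory (the dropped-EXE-persists-itself pattern)."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        target = command_image(ev.get("Details", ""))
        writer = ev.get("Image", "")
        suspicious = in_user_writable(target) or in_user_writable(writer)
        findings.append({
            "value_name": m.group(2),
            "key": ev["TargetObject"],
            "autostart": target,
            "written_by": writer,
            "severity": "high" if suspicious else "review",
        })
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["value_name"], "->", f["autostart"], "by", f["written_by"])
```

Every Run-value write is reported, not only the suspicious ones, because the "review" tier is where a renamed or relocated legitimate-looking binary ends up; the severity split only orders the queue.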
MITRE ATT&CK Matrix (ATT&CK v6; the number after each technique is how many of the behaviours above map to it)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1
