General

  • Target

    1a81e9a720d63a7e5534fa8101daacfb89fceb1cbd2dc53be16d9f27651bd137

  • Size

    60KB

  • Sample

    221018-bwvc1sdhg7

  • MD5

    2d86ea35b749cd52aeff4d266e16fa76

  • SHA1

    13ddadc253699a608d66b473c4bb1cbb03d7ceb2

  • SHA256

    1a81e9a720d63a7e5534fa8101daacfb89fceb1cbd2dc53be16d9f27651bd137

  • SHA512

    4f670c031458ab0747a86f4af09c620ed9bce0e216b8732ef2b1e74f415f6d9463e55087c5bc4afd413e8c695478af51123d22e3fbff37f2b2663ccff42e7886

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFi

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan first seen in 2012; it gives the operator remote control of the infected Windows host.

    • Sakula payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion  Modify Registry                      1      T1112
  Discovery        Query Registry                       1      T1012
  Discovery        System Information Discovery         2      T1082
  Discovery        Remote System Discovery              1      T1018

Count is the number of behavioural signatures mapped to each technique. The IDs follow ATT&CK v6; in current ATT&CK versions T1060 has been folded into T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), while T1112, T1012, T1082 and T1018 keep their IDs.
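
The signature list and the matrix above are two views of the same sandbox observations: API-level events are matched to named behaviours, and each behaviour rolls up into one or more technique IDs. The script below, an added example and not tria.ge's own signature engine, shows that roll-up over a constructed API trace. The trace format, the file names in it, the registry paths behind "Adds Run key to start application" and "Checks computer location settings", and the signature-to-technique mapping are all assumptions; the YARA-driven "Sakula" and "Sakula payload" hits are not modelled.

```python
"""Roll a sandbox API trace up into the behavioural signatures and ATT&CK v6
technique counts shown in the report above.  Added example, not tria.ge's
signature engine: the trace is constructed, and the registry paths and the
signature-to-technique mapping are assumptions."""
import re
from collections import Counter

# Path the sample was launched from (constructed); used to detect self-deletion.
SAMPLE_PATH = r"C:\Users\Admin\Desktop\sample.exe"

# Constructed trace, one event per line: "<pid> <api> <argument>".  In this toy
# format CreateFileW only appears for files the sample itself created.
SAMPLE_TRACE = r"""
1234 CreateFileW C:\Users\Admin\AppData\Local\Temp\update.exe
1234 CreateFileW C:\Users\Admin\AppData\Local\Temp\helper.dll
1234 CreateProcessW C:\Users\Admin\AppData\Local\Temp\update.exe
5678 LoadLibraryW C:\Users\Admin\AppData\Local\Temp\helper.dll
5678 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
5678 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\Admin\AppData\Local\Temp\update.exe
1234 DeleteFileW C:\Users\Admin\Desktop\sample.exe
"""

# Assumed mapping from the report's two registry signatures to its ATT&CK v6
# IDs.  The file-based signatures carry no technique in the matrix above.
TECHNIQUES = {
    "Adds Run key to start application": ("T1060", "T1112"),
    "Checks computer location settings": ("T1012", "T1082"),
}

# HKCU/HKLM ...\CurrentVersion\Run\<value> is the classic autostart location.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
# Assumed key behind "Checks computer location settings": the user's GeoID.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I)


def parse_trace(trace):
    """Yield (pid, api, argument) tuples from the text trace."""
    for line in trace.strip().splitlines():
        pid, api, arg = line.split(None, 2)
        yield int(pid), api, arg


def match_signatures(trace, sample_path):
    """Return the set of report-style signature names the trace triggers."""
    hits = set()
    dropped = set()          # lower-cased paths of files the sample wrote
    for _pid, api, arg in parse_trace(trace):
        key = arg.lower()
        if api == "CreateFileW":
            dropped.add(key)
        elif api == "CreateProcessW" and key in dropped:
            hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and key in dropped:
            hits.add("Loads dropped DLL")
        elif api == "RegQueryValueExW" and GEO_KEY_RE.search(arg):
            hits.add("Checks computer location settings")
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(arg):
            hits.add("Adds Run key to start application")
        elif api == "DeleteFileW" and key == sample_path.lower():
            hits.add("Deletes itself")
    return hits


def attack_matrix(signatures):
    """Count signatures per ATT&CK technique ID, as the report's matrix does."""
    counts = Counter()
    for sig in signatures:
        counts.update(TECHNIQUES.get(sig, ()))
    return dict(counts)


if __name__ == "__main__":
    sigs = match_signatures(SAMPLE_TRACE, SAMPLE_PATH)
    for sig in sorted(sigs):
        print(sig)
    print(attack_matrix(sigs))
```

Run stand-alone it lists the five behavioural signatures from the report and a count of one each for T1060, T1112, T1012 and T1082; the second T1082 hit and the T1018 hit in the report's matrix come from observations this toy trace does not contain.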

Tasks