General

  • Target

    f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62

  • Size

    60KB

  • Sample

    221018-dvrxlseebk

  • MD5

    700e2820dc297368efcbf9d09b6b1157

  • SHA1

    89258562123dbd186df717b3560def051c5d483b

  • SHA256

    f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62

  • SHA512

    c436962a25c7611635c4677715848e8542155187f8bf75ee0f244af22b14ea4e9685900649aea00483773c88def0e13877928a1f819dcb553538033eba71ac31

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFy

Malware Config

Targets

    • Target

      f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62

    • Size

      60KB

    • MD5

      700e2820dc297368efcbf9d09b6b1157

    • SHA1

      89258562123dbd186df717b3560def051c5d483b

    • SHA256

      f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62

    • SHA512

      c436962a25c7611635c4677715848e8542155187f8bf75ee0f244af22b14ea4e9685900649aea00483773c88def0e13877928a1f819dcb553538033eba71ac31

    • SSDEEP

      1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFy

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs on this host.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic           Technique                            ID     Count
Persistence      Registry Run Keys / Startup Folder   T1060  1
Defense Evasion  Modify Registry                      T1112  1
Discovery        Query Registry                       T1012  1
Discovery        System Information Discovery         T1082  2
Discovery        Remote System Discovery              T1018  1
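The behaviour tags above ("Adds Run key to start application", "Checks computer location settings") and the ATT&CK technique IDs in the matrix are the kind of summary a sandbox derives from raw registry events. The script below is an added example, not the sandbox's own signature logic or output: it parses a constructed registry trace (invented here, not the sample's real activity), maps each event to one of the page's behaviour labels, and tallies the technique IDs the page lists. The event line format, the registry paths (standard Windows locale, version and Run locations) and the behaviour-to-technique mapping are assumptions; Remote System Discovery (T1018) is not derivable from registry events alone and is left out.

```python
"""Re-derive the behaviour tags and ATT&CK v6 technique IDs in this report
from sandbox-style registry events.

Added example: the event format, the registry paths and the mapping are
assumptions, not the sandbox's own signatures or output."""
import re
from collections import Counter

# Constructed trace in the shape  <pid> <operation> <key> value=<name> data=<data>
# (invented for this example; not the Sakula sample's recorded activity).
SAMPLE_TRACE = r"""
1234 RegQueryValue HKCU\Control Panel\International value=sCountry data=United States
1234 RegQueryValue HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language value=InstallLanguage data=0409
1234 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion value=ProductName data=Windows 7
1234 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Updater data=C:\Users\Public\svc.exe
5678 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion value=ProgramFilesDir data=C:\Program Files
"""

EVENT_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<op>Reg\w+)\s+(?P<key>.+?)\s+value=(?P<value>\S+)"
    r"(?:\s+data=(?P<data>.*))?$"
)


def parse_event(line):
    """Parse one trace line into a dict, or return None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["key"] = ev["key"].lower()      # registry paths are case-insensitive
    ev["value"] = ev["value"].lower()
    return ev


# Behaviour labels are the ones on this page; the key/value lists behind them
# are assumed (usual Windows locations), not the sandbox's real signatures.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
LOCALE_VALUES = {
    r"\control panel\international": {"icountry", "scountry", "localename"},
    r"\system\currentcontrolset\control\nls\language": {"installlanguage", "default"},
}
SYSINFO_VALUES = {
    r"\software\microsoft\windows nt\currentversion": {"productname", "currentversion", "csdversion"},
}


def _queries(ev, table):
    """True if ev reads one of the (key suffix, value name) pairs in table."""
    if ev["op"] != "RegQueryValue":
        return False
    return any(ev["key"].endswith(k) and ev["value"] in names for k, names in table.items())


def classify(ev):
    """Return (behaviour label, [ATT&CK v6 IDs]) for one event, or None if uninteresting."""
    if ev["op"] == "RegSetValue" and ev["key"].endswith(RUN_KEYS):
        # Persistence via Run key is also a registry modification.
        return ("Adds Run key to start application", ["T1060", "T1112"])
    if _queries(ev, LOCALE_VALUES):
        # Reading the configured country/language: the page's geofence hint.
        return ("Checks computer location settings", ["T1012", "T1082"])
    if _queries(ev, SYSINFO_VALUES):
        return ("System Information Discovery", ["T1082"])
    return None


def analyze(trace):
    """Run every trace line through classify(); report each behaviour once per
    process (as a sandbox summary does) and count technique IDs over those."""
    findings = {}
    for line in trace.splitlines():
        ev = parse_event(line)
        hit = classify(ev) if ev else None
        if hit:
            findings.setdefault((ev["pid"], hit[0]), hit[1])
    techniques = Counter(t for ids in findings.values() for t in ids)
    return findings, techniques


if __name__ == "__main__":
    found, techs = analyze(SAMPLE_TRACE)
    for (pid, behaviour), ids in found.items():
        print(f"pid {pid}: {behaviour} -> {', '.join(ids)}")
    for tid, n in sorted(techs.items()):
        print(f"{tid}: {n}")
```

On the constructed trace this yields the same counts as the matrix for the four registry-derived techniques (T1060 1, T1112 1, T1012 1, T1082 2). When adapting it to a real sandbox export, match on key suffixes rather than full paths, since hive prefixes (HKCU, HKU\<SID>, \REGISTRY\USER\...) vary between tools.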

Tasks