General

  • Target

    0f01c2376aa165756a40bb42275f48412a1c91a6b644ff870e7904167df73ea5

  • Size

    60KB

  • Sample

    221019-dn241afagq

  • MD5

    ec54110f1933c79190f901d402498b11

  • SHA1

    3bb15be93e4bc756e4ecef2011091c372b8ed34f

  • SHA256

    0f01c2376aa165756a40bb42275f48412a1c91a6b644ff870e7904167df73ea5

  • SHA512

    b9a66ade4efe98e9052213d1544ee4b88bc4751e85b6bf01bcda0e7d36156fac02dc9871874a2aa7fad7ae1cb85100b6b671d71baf6f06254df9041b190f9091

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/Y:iEoIlwIguEA4c5DgA9DOyq0eFA

Malware Config

Targets

    • Target

      0f01c2376aa165756a40bb42275f48412a1c91a6b644ff870e7904167df73ea5

    • Size

      60KB

    • MD5

      ec54110f1933c79190f901d402498b11

    • SHA1

      3bb15be93e4bc756e4ecef2011091c372b8ed34f

    • SHA256

      0f01c2376aa165756a40bb42275f48412a1c91a6b644ff870e7904167df73ea5

    • SHA512

      b9a66ade4efe98e9052213d1544ee4b88bc4751e85b6bf01bcda0e7d36156fac02dc9871874a2aa7fad7ae1cb85100b6b671d71baf6f06254df9041b190f9091

    • SSDEEP

      1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/Y:iEoIlwIguEA4c5DgA9DOyq0eFA

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Tasks