General

  • Target

    9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4

  • Size

    880KB

  • Sample

    221023-p7ectsadhr

  • MD5

    a797530d5a54110837d50f65000a63dc

  • SHA1

    113e8b42107c02cfb414b0a967b867745377d2b3

  • SHA256

    9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4

  • SHA512

    26d1822b44ae7bf2524aee01a209c9c73d9469101d8b1c9724cc42b61f771a470d80f6a128c7916c12012fbcbef61a5db3fd6c419a3b21b8082ff916aee9c3d2

  • SSDEEP

    12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5f1bYQog9hVn4Q:g4+wlYBsb3zNs5f1bYInVn4Q

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions; it gives the operator remote command execution on the host and the ability to download and run further payloads. The behaviours below are the sandbox signatures that fired for this sample.

    • Sakula payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            Hits  ID
  Persistence       Registry Run Keys / Startup Folder   1     T1060
  Defense Evasion   Modify Registry                      1     T1112

  Note: the report maps against ATT&CK v6. T1060 was deprecated in ATT&CK v7 and is now T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112 is unchanged. Use the current ID when feeding these into detection content.
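As an added example (not part of the sandbox report or the Sakula family itself), the following Python turns the report into something actionable: it hashes files against the four digests published in the General section above, and it triages Run-key entries parsed from a Windows `.reg` export for the Run-key persistence behaviour the sandbox flagged (T1060 / T1547.001). The registry export text, the file bytes used in the usage block and the program names in it are constructed for illustration; the report does not publish a Sakula-specific key or file name, so none is assumed here.

```python
"""IOC sweep for the Sakula sample above: file-hash matching plus Run-key
triage from a .reg export. Added example; constructed data throughout."""
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Digests published in the report above for the 880KB sample.
SAKULA_IOCS: Dict[str, str] = {
    "md5": "a797530d5a54110837d50f65000a63dc",
    "sha1": "113e8b42107c02cfb414b0a967b867745377d2b3",
    "sha256": "9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4",
    "sha512": "26d1822b44ae7bf2524aee01a209c9c73d9469101d8b1c9724cc42b61f771a470"
              "d80f6a128c7916c12012fbcbef61a5db3fd6c419a3b21b8082ff916aee9c3d2",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests in one pass; keys follow SAKULA_IOCS order."""
    hashers = {name: hashlib.new(name) for name in SAKULA_IOCS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: Path, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as hash_bytes but streams a file so large samples do not sit in RAM."""
    hashers = {name: hashlib.new(name) for name in SAKULA_IOCS}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = SAKULA_IOCS) -> List[str]:
    """Names of the algorithms whose digest equals the published IOC."""
    return [name for name, value in digests.items() if iocs.get(name) == value.lower()]


def sweep(paths: Iterable[Path]) -> List[Tuple[Path, List[str]]]:
    """Hash every file and keep only those matching at least one published digest."""
    hits = []
    for p in paths:
        if p.is_file():
            matched = match_iocs(hash_file(p))
            if matched:
                hits.append((p, matched))
    return hits


# --- Run-key triage from a "Windows Registry Editor Version 5.00" export ---
RUN_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\CurrentVersion\\(Run|RunOnce))\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Locations a user (and therefore a dropper) can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


def unescape_reg(s: str) -> str:
    """.reg exports escape backslash and quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def exe_path(command: str) -> str:
    """Pull the executable out of a Run value (quoted, or first token ending in .exe)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def parse_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Return every value under a Run/RunOnce key in the export as a dict."""
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current = m.group("key") if m else None  # leave other keys alone
            continue
        m = VALUE_RE.match(line) if current else None
        if m:
            cmd = unescape_reg(m.group("data"))
            entries.append({"key": current, "name": m.group("name"),
                            "command": cmd, "exe": exe_path(cmd)})
    return entries


def triage_run_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run values whose executable lives in a user-writable directory: analyst review list,
    not a verdict (legitimate per-user software installs there too); hash the files next."""
    return [e for e in entries if any(tok in e["exe"].lower() for tok in USER_WRITABLE)]


# Constructed export for illustration; the names and paths are not from the report.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\Updater\\update.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

if __name__ == "__main__":
    for entry in triage_run_entries(parse_run_entries(SAMPLE_REG_EXPORT)):
        print(f"review: {entry['key']}\\{entry['name']} -> {entry['exe']}")
    print("matches for constructed bytes:", match_iocs(hash_bytes(b"not the sample")))
```

On a live host the export comes from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (UTF-16, so decode before parsing), and the files named by the flagged entries are what you pass to `sweep`. The path heuristic deliberately over-selects so that a renamed dropper in `%APPDATA%` is not missed; the four digests, not the path, decide whether a file is this sample.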

Tasks