General

  • Target

    1494b81e88b54402bd9c14e94548a131_JC.exe

  • Size

    99KB

  • Sample

    231005-v3z2mafc28

  • MD5

    1494b81e88b54402bd9c14e94548a131

  • SHA1

    6a1f8f3cd3078060d07d3e71654533b79753cd7b

  • SHA256

    535724dec30d4edf1a0043531342ed34516e7c60daba7163e3986461411fa005

  • SHA512

    36acc37e04cd2217bafe23bb4caf6e7f25d29db16429a270c10d0a7175f0cfd38c22d8c381fdaea35796029331667b8177a6eaa49bb887af7b641b3d745257f5

  • SSDEEP

    1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrrxv:c0hpgz6xGhZamyF30BHxv

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks