General

  • Target

    95c28fdcd6de38a871b73ac516b6b180N.exe

  • Size

    35KB

  • Sample

    240830-z6csqaweqc

  • MD5

    95c28fdcd6de38a871b73ac516b6b180

  • SHA1

    08d4938afe261a55cdef79434c003c5e153cc1cb

  • SHA256

    ad10d162b11a20a7ae33d0d0ddaf6e409a3d7c0be948b6e9b94d9d4ff7826fd7

  • SHA512

    de5864e15a8c00d7c557c6f159e7bcbca95b0a701fe4b330f8e16d0b60dbf57e585334f3b9eaea5457b3d8272b8670e843f41ee2fd799fba24824d138026390a

  • SSDEEP

    768:qwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dn:qwbYP4nuEApQK4TQbtY2gA9DX+ytBOF

Targets

    • Target

      95c28fdcd6de38a871b73ac516b6b180N.exe

    • Sakula

Sakula (also tracked as Sakurel) is a remote access trojan: once running it contacts its command-and-control server over HTTP and can download and execute further files on the host, which is consistent with the dropped-EXE and Run-key behaviour recorded below.

    • Sakula payload

    • Checks computer location settings

Reads the country code configured in the registry; malware commonly does this to geofence execution, i.e. to refuse to run in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

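The following Python is an added illustration of how the behavioural signatures listed above can be matched against a stream of process, registry and file events; it is not the sandbox's own code and not part of the report. The event model, the sample path, the dropped-file names and the events themselves are constructed here for the example. The registry locations it matches (Control Panel\International\Geo\Nation for the location check, CurrentVersion\Run and RunOnce for persistence) are assumptions about what the sandbox's signatures look for.

```python
"""Toy behavioural-signature matcher for sandbox-style events (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Constructed paths: the report does not state where the sandbox placed the
# sample or what the dropped files were called.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\95c28fdcd6de38a871b73ac516b6b180N.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"

# Assumption: the value the "Checks computer location settings" signature reads.
GEO_VALUE_SUFFIX = r"\control panel\international\geo\nation"


@dataclass(frozen=True)
class Event:
    kind: str          # reg_query | reg_set | file_write | file_delete | proc_create | image_load
    pid: int           # acting process
    image: str         # image path of the acting process
    path: str = ""     # registry value or file path touched (reg_*, file_*)
    target: str = ""   # file executed or loaded (proc_create, image_load)


def _is_run_key(path: str) -> bool:
    """True for ...\CurrentVersion\Run\... or ...\CurrentVersion\RunOnce\... (assumed persistence keys)."""
    parts = path.lower().split("\\")
    for i in range(len(parts) - 1):
        if parts[i] == "currentversion" and parts[i + 1] in ("run", "runonce"):
            return True
    return False


def match_signatures(events: Iterable[Event]) -> dict[str, list[int]]:
    """Return {signature name: [pids that triggered it]} for an event stream.

    Files written by any process are remembered so that a later execution or
    image load of one of them is reported as a *dropped* EXE/DLL, while
    execution of pre-existing system binaries (cmd.exe, kernel32.dll) is not.
    """
    hits: dict[str, list[int]] = {}
    dropped: set[str] = set()

    def hit(name: str, pid: int) -> None:
        pids = hits.setdefault(name, [])
        if pid not in pids:
            pids.append(pid)

    for e in events:
        path = e.path.lower()
        target = e.target.lower()
        if e.kind == "reg_query" and path.endswith(GEO_VALUE_SUFFIX):
            hit("Checks computer location settings", e.pid)
        elif e.kind == "reg_set" and _is_run_key(path):
            hit("Adds Run key to start application", e.pid)
        elif e.kind == "file_write" and path.endswith((".exe", ".dll")):
            dropped.add(path)
        elif e.kind == "file_delete" and path == SAMPLE_IMAGE.lower():
            hit("Deletes itself", e.pid)
        elif e.kind == "proc_create" and target in dropped:
            hit("Executes dropped EXE", e.pid)
        elif e.kind == "image_load" and target in dropped and target.endswith(".dll"):
            hit("Loads dropped DLL", e.pid)
    return hits


# Constructed event trace modelled on the signatures in the report: the sample
# (pid 1001) checks the country code, drops an EXE and a DLL, runs the EXE
# (pid 1002) which loads the DLL and persists via a Run key, then the sample
# deletes its own image through cmd.exe (pid 1003).
SAMPLE_EVENTS = [
    Event("reg_query", 1001, SAMPLE_IMAGE, path=r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    Event("file_write", 1001, SAMPLE_IMAGE, path=DROPPED_EXE),
    Event("file_write", 1001, SAMPLE_IMAGE, path=DROPPED_DLL),
    Event("proc_create", 1001, SAMPLE_IMAGE, target=DROPPED_EXE),
    Event("image_load", 1002, DROPPED_EXE, target=DROPPED_DLL),
    Event("image_load", 1002, DROPPED_EXE, target=r"C:\Windows\System32\kernel32.dll"),  # not dropped
    Event("reg_set", 1002, DROPPED_EXE, path=r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("proc_create", 1001, SAMPLE_IMAGE, target=r"C:\Windows\System32\cmd.exe"),   # not dropped
    Event("file_delete", 1003, r"C:\Windows\System32\cmd.exe", path=SAMPLE_IMAGE),
]

if __name__ == "__main__":
    for name, pids in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: pids {pids}")
```

Run against the constructed trace it reports all five behavioural signatures from the report and attributes each to the process that performed it; the self-deletion is credited to the cmd.exe child, which is the usual reason a sandbox shows "Deletes itself" alongside a short-lived cmd.exe process.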
MITRE ATT&CK Enterprise v15