General
-
Target
c97b519b7132f82a64bdb943466ad984.zip
-
Size
1.5MB
-
Sample
240831-gx1t3szbpk
-
MD5
d7d5570f09e6df7bb79f65f25f58c0a0
-
SHA1
a57947855f65c5f1edd4233e5c41219dff3e7d7a
-
SHA256
8b041f119f9abfa8bf1e457377590081a54d14d3a2ec4bd5752e02ea5e2c5422
-
SHA512
927fe4fd89de08e1d390de75288c3e8bf36378ac7dbd36edc3f4a7b50e4ac3200a6a0335d345db168aaacd0c7eccea3d64e13f03e6f779f58d8f88fe99f65d96
-
SSDEEP
24576:TwV+OYy2DuuXs6lcz/TM3N8FVY1IXqsJJ+YaxOuR/GRy36HKTaE:bOY1DXd6z/4d6VRgYaxOudGAD
Behavioral task
behavioral1
Sample
6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965
-
Size
4.5MB
-
MD5
c97b519b7132f82a64bdb943466ad984
-
SHA1
8acc0bfbbbcbf5b98ce5190aafb6ec57b4d3c836
-
SHA256
6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965
-
SHA512
0ceb88b93d9280c54e039b39bfb0195759b6c52a4abb77b92fa4ddb9c7d08f1f50bc4a50ab9d92897bca5b3601cae90218f45b64070bdb1b4a7911551a4d4c9c
-
SSDEEP
24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMY/:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaY/
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1