General

  • Target

    c97b519b7132f82a64bdb943466ad984.zip

  • Size

    1.5MB

  • Sample

    240831-gx1t3szbpk

  • MD5

    d7d5570f09e6df7bb79f65f25f58c0a0

  • SHA1

    a57947855f65c5f1edd4233e5c41219dff3e7d7a

  • SHA256

    8b041f119f9abfa8bf1e457377590081a54d14d3a2ec4bd5752e02ea5e2c5422

  • SHA512

    927fe4fd89de08e1d390de75288c3e8bf36378ac7dbd36edc3f4a7b50e4ac3200a6a0335d345db168aaacd0c7eccea3d64e13f03e6f779f58d8f88fe99f65d96

  • SSDEEP

    24576:TwV+OYy2DuuXs6lcz/TM3N8FVY1IXqsJJ+YaxOuR/GRy36HKTaE:bOY1DXd6z/4d6VRgYaxOudGAD

Malware Config

Targets

    • Target

      6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965

    • Size

      4.5MB

    • MD5

      c97b519b7132f82a64bdb943466ad984

    • SHA1

      8acc0bfbbbcbf5b98ce5190aafb6ec57b4d3c836

    • SHA256

      6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965

    • SHA512

      0ceb88b93d9280c54e039b39bfb0195759b6c52a4abb77b92fa4ddb9c7d08f1f50bc4a50ab9d92897bca5b3601cae90218f45b64070bdb1b4a7911551a4d4c9c

    • SSDEEP

      24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMY/:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaY/

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
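
The behaviour signatures listed above are produced by correlating the sandbox's event trace. The following is an added example, not the sandbox's own rule engine or any code from the sample: it reconstructs those five signatures over a constructed event list. The event schema (`type`, `actor`, `image`, `path`, `key`, `value`, `data`), the file paths, and the choice of registry keys (`HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and `HKCU\Control Panel\International\Geo`) are assumptions for illustration; the page does not state which keys the real rules match on.

```python
import re

# Registry locations the signatures refer to. Both are real Windows keys, but
# which exact keys the sandbox's own rules match is not given on the page, so
# these patterns are assumptions for this example.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I)
PAYLOAD_EXT = (".exe", ".dll")


def classify(events):
    """Map an ordered list of event dicts (schema assumed) to signature names."""
    sigs = set()
    dropped = set()          # executable/DLL paths written by any process in the trace
    sample_image = None      # image of the first process, i.e. the submitted sample
    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            image = ev["image"].lower()
            if sample_image is None:
                sample_image = image
            elif image in dropped:
                sigs.add("Executes dropped EXE")
        elif kind == "file_write":
            path = ev["path"].lower()
            if path.endswith(PAYLOAD_EXT):
                dropped.add(path)
        elif kind == "image_load":
            image = ev["image"].lower()
            if image.endswith(".dll") and image in dropped:
                sigs.add("Loads dropped DLL")
        elif kind == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            sigs.add("Adds Run key to start application")
        elif kind == "reg_query" and GEO_KEY_RE.search(ev["key"]):
            sigs.add("Checks computer location settings")
        elif kind == "file_delete":
            # A running process cannot unlink its own mapped image, so the delete
            # normally comes from a child (cmd.exe /c del, a batch file). Attribute
            # it by target path rather than by the acting process.
            if sample_image is not None and ev["path"].lower() == sample_image:
                sigs.add("Deletes itself")
    return sigs


def autostart_entries(events):
    """Return (key, value, data) for every Run-key write: the artefact to hunt for on other hosts."""
    return [(ev["key"], ev.get("value"), ev.get("data"))
            for ev in events
            if ev["type"] == "reg_set" and RUN_KEY_RE.search(ev["key"])]


# Constructed trace mirroring the signature list above; the paths are invented.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DROP_EXE = r"C:\Users\Admin\AppData\Roaming\update\update.exe"
DROP_DLL = r"C:\Users\Admin\AppData\Roaming\update\update.dll"
CMD = r"C:\Windows\System32\cmd.exe"

SAMPLE_EVENTS = [
    {"type": "process_create", "actor": None, "image": SAMPLE},
    {"type": "reg_query", "actor": SAMPLE,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "actor": SAMPLE, "path": DROP_EXE},
    {"type": "file_write", "actor": SAMPLE, "path": DROP_DLL},
    {"type": "process_create", "actor": SAMPLE, "image": DROP_EXE},
    {"type": "image_load", "actor": DROP_EXE, "image": DROP_DLL},
    {"type": "reg_set", "actor": DROP_EXE,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "update", "data": DROP_EXE},
    {"type": "process_create", "actor": SAMPLE, "image": CMD},
    {"type": "file_delete", "actor": CMD, "path": SAMPLE},
]

if __name__ == "__main__":
    for name in sorted(classify(SAMPLE_EVENTS)):
        print(name)
    for key, value, data in autostart_entries(SAMPLE_EVENTS):
        print(f"persistence: {key}\\{value} = {data}")
```

Ordering matters: `Executes dropped EXE` and `Loads dropped DLL` only fire for a path that was written earlier in the same trace, which is what separates a dropped payload from an existing binary being run. The `Deletes itself` rule keys on the original sample path regardless of which process issues the delete, because self-deletion is almost always delegated to a child process.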

MITRE ATT&CK Enterprise v15

Tasks