General

  • Target

    66bff874892ff467378d5c9c8f9c9ef5.zip

  • Size

    56KB

  • Sample

    240831-ma8jasydlm

  • MD5

    02d1b2d388ee6a67ad4087fbe930c92d

  • SHA1

    acb8b19041e031ae0dd6536837253c957cb58cdc

  • SHA256

    38f639e51e80bb29dc44913411c69f03b953a6aaeed5319f5ad4df18354fd4ba

  • SHA512

    cf56bd21eecf9f95409731bf8c03ad09134bb393b27cf33a553d926800331315b8e83e3e13ce52d84ea7adaf1817e2a535d75baf4584203f9cb64a6ac1f48ce8

  • SSDEEP

    1536:PPenKXAK/5AxIoGgvjDZRVFscVh2rDytHQAovcC1a:neQgvjNRxwrWtHIHg

Malware Config

Targets

    • Target

      b655052323d602b1059c47413f60e908ffdb38edc45bde553f6cd91133cfc1cf

    • Size

      60KB

    • MD5

      66bff874892ff467378d5c9c8f9c9ef5

    • SHA1

      7174ad727f8346615b9a7174603a789529c29f56

    • SHA256

      b655052323d602b1059c47413f60e908ffdb38edc45bde553f6cd91133cfc1cf

    • SHA512

      77efdf47e120751c4a5ea9a93036287da6912574b16dbef10000ff69c736beaef89caedc8ac103ab83b440aef97c00d5a924f0fc6160018cc4d04326ec9fba23

    • SSDEEP

      1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/T:iEoIlwIguEA4c5DgA9DOyq0eF7

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks