General

  • Target: 4b2088fe48f8324b7fbcbf01a23d3ab365b922d1097d08e2f6a0784be34b8f43
  • Size: 1.2MB
  • Sample: 240831-pwzvdstflc
  • MD5: 5febfc61f0679c0764d45326bc4944f0
  • SHA1: e4639f3c5c9978e167aa54ed7db00f8b37bde2bc
  • SHA256: 4b2088fe48f8324b7fbcbf01a23d3ab365b922d1097d08e2f6a0784be34b8f43
  • SHA512: f0949f82ae9af42bb2451615acc2278e55b0cb07461943aaf925a0b6cee19c0ff164185a680c11c36a17cdf43e4fa3a09eb64b0ce245d130734bf2bc9b7636b2
  • SSDEEP: 24576:FNMAURFozuoZUFY6sRv4qD8+yDx9IZ2QuC9j4Jpb5aqtgow:FNMAURFosFY6Sv4D9Q5qJpLw

Malware Config

Targets

    • Target: 00803b2a9624ab755ca403c3abbf03d7dc3ac396a7c3fbcfb7471d7281cdf9d0
    • Size: 4.0MB
    • MD5: a9035c52848767458693dbff0b0039f2
    • SHA1: d95b563c788e34ce885299115fb0caaa1346388d
    • SHA256: 00803b2a9624ab755ca403c3abbf03d7dc3ac396a7c3fbcfb7471d7281cdf9d0
    • SHA512: dca3db6af52e2c4219587f70b6cb6cccd9df4ec7b75618e0c1365b4ea745e67b334b8fda8ea74ea4dade53ba89211f660720e1b2b811f1aa2ac4a10d658135d0
    • SSDEEP: 24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY4:DD2Z1qT3Zz888QCwRO/wT/aY4

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks