General

  • Target

    54c04aadce8101d61a99e023b773204e9227da8fd907192c7b1b184cfe583238N

  • Size

    43KB

  • Sample

    241011-xs561aydle

  • MD5

    15543f8b94f201d8d537969d4c317ac0

  • SHA1

    572cf7da293f323723a9dd0c817c680d02c0010d

  • SHA256

    54c04aadce8101d61a99e023b773204e9227da8fd907192c7b1b184cfe583238

  • SHA512

    db049489dcc59410e8795d7f20a51f245c07df2afb818cd0e2e21fc4b0a5b7c737c0fb1e02a17e43203ab0680529822a7a646cbee875123baf2abf11adf09590

  • SSDEEP

    768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq1:+U9abrtX4oocIK3yQkaY9z/S0hhy6k83

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks