General

  • Target

    765a59f54f9e8f8b7d45d1cfb6a93ca4270fbd378cf1721110c18b140a7fada6N

  • Size

    283KB

  • Sample

    241019-qnnylazfml

  • MD5

    2e6c6b7abd224a818ad8f2bc6fd85c50

  • SHA1

    d1e33152f375976cf7533bb659bdbb1968cf68d5

  • SHA256

    765a59f54f9e8f8b7d45d1cfb6a93ca4270fbd378cf1721110c18b140a7fada6

  • SHA512

    ccf04474a8914f8f091dac1ded3f82d63ce6c870536e00fa48379f72dc859e50c35c1841ab45b1a971d7d675a6b44e5b057027840622202de908ac7644e190ff

  • SSDEEP

    1536:NU9abrtX4oocIK3yQkaY9z/S0hhnDiKKJqTnouy8HeBsCXKTnhxJ+:Nm2rocIyhYtJxKJqrout+BsZhW

Targets

    • Target

      765a59f54f9e8f8b7d45d1cfb6a93ca4270fbd378cf1721110c18b140a7fada6N

    • Sakula

      Sakula is a remote access trojan (RAT) that gives an operator remote control of the infected host.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: the sample decides whether to run based on the configured region.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

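The UPX signature above is a static check on the executable's layout, and the hash block at the top of the report is what you would use to match this sample against other feeds. The following Python is an added example and is not part of this report or of the sandbox's own rule set: it computes the same digest set the report lists (MD5, SHA1, SHA256, SHA512; SSDEEP is omitted because it needs a third-party library), parses a PE section table with only the standard library, and applies three UPX heuristics: stock UPX section names, the "UPX!" marker, and the renamed-section layout where the first section is empty on disk but large in memory. The PE images it runs on are constructed inline (minimal headers, not loadable) and are not the sample from this report; the rule names and the choice of heuristics are the author's assumptions.

```python
import hashlib
import struct

# Identification hashes: the same digest set the report lists. SSDEEP is a
# fuzzy hash that needs the third-party ssdeep package, so it is left out of
# this stdlib-only example.
def triage_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


# Minimal PE section-table parser: just enough of the PE format for packer triage.
def pe_sections(data: bytes) -> list:
    """Return [{'name', 'virtual_size', 'raw_size'}, ...] from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]       # NumberOfSections
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + size_of_optional                             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                         # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize})
    return sections


# UPX heuristics (assumptions of this example, not the sandbox's rule). Stock UPX
# names its sections UPX0/UPX1 and writes a "UPX!" marker; a modified build often
# renames the sections but keeps the layout: the first section is empty on disk
# and reserves room in memory for the unpacked image. Each rule can misfire on
# unrelated packers, so treat the result as a triage hint, not proof.
def upx_indicators(data: bytes) -> list:
    sections = pe_sections(data)
    reasons = []
    if any(s["name"].upper().startswith("UPX") for s in sections):
        reasons.append("section named UPX*")
    if b"UPX!" in data:
        reasons.append("UPX! marker present")
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first section empty on disk but large in memory")
    return reasons


# Constructed test images (not the sample from this report): enough header to
# exercise the parser. The optional header is zero-filled apart from the PE32
# magic, so these bytes are parseable but not loadable.
def build_minimal_pe(sections) -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table

UPX_LIKE = build_minimal_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8800), (b".rsrc", 0x1000, 0x400)])
RENAMED = build_minimal_pe([(b".text", 0x20000, 0), (b".data", 0x9000, 0x8800)])
PLAIN = build_minimal_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400), (b".rsrc", 0x800, 0x800)])

if __name__ == "__main__":
    for label, image in (("upx-like", UPX_LIKE), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, triage_hashes(image)["sha256"][:16], upx_indicators(image))
```

To run it on a real file, pass `open(path, "rb").read()` to `triage_hashes` and `upx_indicators`. The third rule is what catches a "modified UPX" build that has renamed its sections; the first two alone would miss it. The section parser deliberately reads only the fields it needs and fails closed on a truncated table rather than guessing.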