General

  • Target

    32655448b352dd6049b9cd78072b68deea9eb684791b887b165022b85a8c22d2

  • Size

    283KB

  • Sample

    241027-1gxx2a1jaq

  • MD5

    eb87f6edca2b22d34db2ec7f2a44fda3

  • SHA1

    b78bee0c3e859c5d13c22d0a005a47279f904eb4

  • SHA256

    32655448b352dd6049b9cd78072b68deea9eb684791b887b165022b85a8c22d2

  • SHA512

    05a71914c1d9e973de2fa1c49d14ac0176a0c04db630b51209948683063bed359ebf72abfb61bba9cda6b6d7a3aee0bc379f9d9f05dfc29247826163ce5b0549

  • SSDEEP

    1536:NU9abrtX4oocIK3yQkaY9z/S0hhnDiKKJqTnouy8HeBsCXKTnhxJ8:Nm2rocIyhYtJxKJqrout+BsZhE

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
