General

  • Target

    ad2d07fbc32c1f2a5aedbfc6e08ad45f2bd706a640974036b13e375794d0a612N

  • Size

    35KB

  • Sample

    241031-nt9q5sxhpm

  • MD5

    9248ec73f530a563287d45355ab716b0

  • SHA1

    90caa3a5a62219e3eaa6be7939578760db85cef2

  • SHA256

    ad2d07fbc32c1f2a5aedbfc6e08ad45f2bd706a640974036b13e375794d0a612

  • SHA512

    d143785958e551bd3bfdaaaedfa0aa3c01d8ddc8fedbc728af7d9c1685bb8c5373e2749c6d3e219ab321366c82ab3edb525c9922968d8f13b54e5ba7ce1da000

  • SSDEEP

    768:9wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv26u7DC:9wbYP4nuEApQK4TQbtY2gA9DX+ytBOi

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
