General

  • Target

    916ed90809dbb8952d7b7708cf0e6030724b631fcc3cfadcaa71ae0911b00a93

  • Size

    43KB

  • Sample

    241123-bkkpfaznbj

  • MD5

    cd7c84da461b3c6f561e20facb38aa5e

  • SHA1

    e77fbad023499628e3e38ddc96bf98d455576a47

  • SHA256

    916ed90809dbb8952d7b7708cf0e6030724b631fcc3cfadcaa71ae0911b00a93

  • SHA512

    b75411699fb580633f42cbafac8847e5f858d4e6b4df17598aef542219593d2de2e863c9176aa357f42c58c900a2a96574aa4a7246c7347d0153826d69af5155

  • SSDEEP

    768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq9:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8b

Malware Config

Targets

    • Target

      916ed90809dbb8952d7b7708cf0e6030724b631fcc3cfadcaa71ae0911b00a93

    • Size

      43KB

    • MD5

      cd7c84da461b3c6f561e20facb38aa5e

    • SHA1

      e77fbad023499628e3e38ddc96bf98d455576a47

    • SHA256

      916ed90809dbb8952d7b7708cf0e6030724b631fcc3cfadcaa71ae0911b00a93

    • SHA512

      b75411699fb580633f42cbafac8847e5f858d4e6b4df17598aef542219593d2de2e863c9176aa357f42c58c900a2a96574aa4a7246c7347d0153826d69af5155

    • SSDEEP

      768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq9:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8b

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks