General
-
Target
ba64c55bc312601afbacd8b0aac0289d411f0ad3b419bad97e1d8fe99915c0bdN.exe
-
Size
43KB
-
Sample
241124-1wx7caxpcp
-
MD5
731591abd51297446c2bf2692e89ba60
-
SHA1
a52b4d4c253beb8bb49ca20f749f7290b7c02837
-
SHA256
ba64c55bc312601afbacd8b0aac0289d411f0ad3b419bad97e1d8fe99915c0bd
-
SHA512
2742b522c31ca8cf4f2e78615da303d463892a7f36470aff9a3f485f1f543cc0bef3318c3de8c27e2cae6990b6b8b190be65bea02ad1b40e23c8bdaf23ba0562
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqY:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8S
Malware Config
Targets
-
-
Target
ba64c55bc312601afbacd8b0aac0289d411f0ad3b419bad97e1d8fe99915c0bdN.exe
-
Size
43KB
-
MD5
731591abd51297446c2bf2692e89ba60
-
SHA1
a52b4d4c253beb8bb49ca20f749f7290b7c02837
-
SHA256
ba64c55bc312601afbacd8b0aac0289d411f0ad3b419bad97e1d8fe99915c0bd
-
SHA512
2742b522c31ca8cf4f2e78615da303d463892a7f36470aff9a3f485f1f543cc0bef3318c3de8c27e2cae6990b6b8b190be65bea02ad1b40e23c8bdaf23ba0562
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqY:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8S
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1