General
-
Target
6b938a685680764781b07aae0e03516333dae0594ff89d9da54e147ab3af7cbd.exe
-
Size
43KB
-
Sample
241125-qmznpsvndn
-
MD5
fc6ccb46c81f4ca126e1f179a197884d
-
SHA1
1cf013ae2de47575ea10cb247e5f40d8efed25e5
-
SHA256
6b938a685680764781b07aae0e03516333dae0594ff89d9da54e147ab3af7cbd
-
SHA512
2a161d83898b060aa49fb0848124759e1ca8dd2836d828c8c5cd706ca7553a2a654e2f91d27c44b993e2590e082ff215b32363dc8e79138738972ccba26dc557
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqY:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8W
Malware Config
Targets
-
-
Target
6b938a685680764781b07aae0e03516333dae0594ff89d9da54e147ab3af7cbd.exe
-
Size
43KB
-
MD5
fc6ccb46c81f4ca126e1f179a197884d
-
SHA1
1cf013ae2de47575ea10cb247e5f40d8efed25e5
-
SHA256
6b938a685680764781b07aae0e03516333dae0594ff89d9da54e147ab3af7cbd
-
SHA512
2a161d83898b060aa49fb0848124759e1ca8dd2836d828c8c5cd706ca7553a2a654e2f91d27c44b993e2590e082ff215b32363dc8e79138738972ccba26dc557
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqY:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8W
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1