General
-
Target
2ef20b43173ef6d29a6a156e0b87e7753eb226c03a09715974ee1cd9f9fe5783N.exe
-
Size
43KB
-
Sample
241130-frk11atng1
-
MD5
a7ebfd60c6a99ca8d9e0a6b61efde650
-
SHA1
034fba22acc854ee290368914f40b9568538a874
-
SHA256
2ef20b43173ef6d29a6a156e0b87e7753eb226c03a09715974ee1cd9f9fe5783
-
SHA512
f7f4410ce5a3ef041defd059165f11e7f304dd8b414bd089e99eb0023eff79adf582b801c20e54c4f18bc6d494f1632691f2010b94b934d5505b4163b5fd31b4
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqe:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8A
Behavioral task
behavioral1
Sample
2ef20b43173ef6d29a6a156e0b87e7753eb226c03a09715974ee1cd9f9fe5783N.exe
Resource
win7-20240903-en
Malware Config
Targets
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder