General
-
Target
120a1bcbeb90864e3fd10bd44ced5d242c3e947a6b9c1b01e91817ca929e2edbN.exe
-
Size
43KB
-
Sample
241202-p52qcazlgr
-
MD5
d24a5f35ec15112d0d5b421812b2d4e0
-
SHA1
06880566046b25925fa941f87fc8a2e4aeb55ffb
-
SHA256
120a1bcbeb90864e3fd10bd44ced5d242c3e947a6b9c1b01e91817ca929e2edb
-
SHA512
5dce4026b7416f5baf4e50516a803797c3b27f255d6d235a7af793009a7ec6aadce216e361174f5ed634af25ff397b80bfb16b7a3326cee8621e6829d7a22994
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqS:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8s
Malware Config
Targets
-
-
Target
120a1bcbeb90864e3fd10bd44ced5d242c3e947a6b9c1b01e91817ca929e2edbN.exe
-
Size
43KB
-
MD5
d24a5f35ec15112d0d5b421812b2d4e0
-
SHA1
06880566046b25925fa941f87fc8a2e4aeb55ffb
-
SHA256
120a1bcbeb90864e3fd10bd44ced5d242c3e947a6b9c1b01e91817ca929e2edb
-
SHA512
5dce4026b7416f5baf4e50516a803797c3b27f255d6d235a7af793009a7ec6aadce216e361174f5ed634af25ff397b80bfb16b7a3326cee8621e6829d7a22994
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqS:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8s
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1