General

  • Target

    bbad5a080c7a7ec13a5771ec843f435be9cfd103dfc63046a809a2e41ff845b4N.exe

  • Size

    58KB

  • Sample

    241204-xkrnms1pfp

  • MD5

    a5b58e3d5e3a92644b596b33c95f56b0

  • SHA1

    a90fc0f43e44721ce174d4684dcfca73a7087fac

  • SHA256

    bbad5a080c7a7ec13a5771ec843f435be9cfd103dfc63046a809a2e41ff845b4

  • SHA512

    5779b1d16bfe0a375ce552fdb352e7db3949b65f3a6e63e1d0a2165ae7394cd58c819bb90ecbced4316c09e55958091c4106d57fb2e9bb943c2ca151fa21e790

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFi

Malware Config

Targets

    • Target

      bbad5a080c7a7ec13a5771ec843f435be9cfd103dfc63046a809a2e41ff845b4N.exe

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the payload runs.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
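
      Two things a responder usually wants from a report like this, written here as an added example that is neither the sandbox's code nor the sample's: matching a suspect file's hashes against the IOCs in the General section, and replaying host telemetry against the behaviours listed above. The hash values are copied from the report; the API trace, the file paths, the call names and the mapping of "checks computer location settings" to a read of the Nation value under HKCU\Control Panel\International\Geo are constructed assumptions.

```python
"""Added triage helpers for this sandbox report (example code, not part of
the report, the sandbox, or the Sakula sample): match a file's hashes
against the report's IOCs, and flag the listed behaviours in a trace."""
import hashlib
import re

# Hashes copied from the report's General section.
REPORT_IOCS = {
    "md5": "a5b58e3d5e3a92644b596b33c95f56b0",
    "sha1": "a90fc0f43e44721ce174d4684dcfca73a7087fac",
    "sha256": "bbad5a080c7a7ec13a5771ec843f435be9cfd103dfc63046a809a2e41ff845b4",
    "sha512": "5779b1d16bfe0a375ce552fdb352e7db3949b65f3a6e63e1d0a2165ae7394cd58c819bb90ecbced4316c09e55958091c4106d57fb2e9bb943c2ca151fa21e790",
}


def hash_stream(chunks):
    """Hash an iterable of byte chunks with every algorithm in REPORT_IOCS."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples are not read fully into memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def matches_report(digests, iocs=REPORT_IOCS):
    """Names of the algorithms whose digest equals the report's value.
    Treat a SHA-256/SHA-512 match as decisive; an MD5 or SHA-1 match on its
    own is weaker evidence because both have practical collision attacks."""
    return {n for n, v in iocs.items() if digests.get(n, "").lower() == v}


# Constructed API trace in (call, path) form, loosely modelled on a sandbox
# API log. Call names, paths and file names are made up for the example and
# are not the sample's real artefacts.
SAMPLE_PATH = r"C:\Users\victim\Desktop\sample.exe"
TRACE = [
    # Assumption: the report's "checks computer location settings" is a read
    # of the Nation value under Control Panel\International\Geo.
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ("FileWrite", r"C:\Users\victim\AppData\Local\Temp\dropped.exe"),
    ("FileWrite", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    ("ProcessCreate", r"C:\Users\victim\AppData\Local\Temp\dropped.exe"),
    ("LoadLibrary", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    ("RegSetValue", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\dropped"),
    ("FileDelete", r"C:\Users\victim\Desktop\sample.exe"),
]

RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)
GEO_KEY = re.compile(r"\\control panel\\international\\geo\\", re.I)


def detect_behaviours(trace, sample_path):
    """Replay a trace in order and return the report behaviours it exhibits.
    'Dropped' means the path was written earlier in the same trace, so a
    later execute or load of it is attributed to the sample rather than to
    a binary that already existed on the host."""
    written = set()
    found = set()
    for call, path in trace:
        p = path.lower()
        if call == "RegQueryValue" and GEO_KEY.search(p):
            found.add("Checks computer location settings")
        elif call == "RegSetValue" and RUN_KEY.search(p):
            found.add("Adds Run key to start application")
        elif call == "FileWrite":
            written.add(p)
        elif call == "ProcessCreate" and p in written:
            found.add("Executes dropped EXE")
        elif call == "LoadLibrary" and p in written:
            found.add("Loads dropped DLL")
        elif call == "FileDelete" and p == sample_path.lower():
            found.add("Deletes itself")
    return sorted(found)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # hash a real file on disk and compare to the report
        print(matches_report(hash_file(sys.argv[1])) or "no hash match")
    print(detect_behaviours(TRACE, SAMPLE_PATH))
```

      Running the module with a file path prints which of the four report hashes it matches; without arguments it replays the constructed trace and prints all five listed behaviours. The ordering rule in `detect_behaviours` matters: a process start or DLL load only counts as "dropped" when the same path was written earlier in the trace, which keeps ordinary system binaries out of the result.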

MITRE ATT&CK Enterprise v15
