General

  • Target

    a8fa2d6b63c3b1386f2a34e79748fe243817262b42f37ad6c55a78162e9c3c17.exe

  • Size

    58KB

  • Sample

    241204-zcxwsszmfx

  • MD5

    305c77b7560f9937b08847d6a08811e5

  • SHA1

    11cfecc65c92ba54b083cb24b1cfde9be4bb6159

  • SHA256

    a8fa2d6b63c3b1386f2a34e79748fe243817262b42f37ad6c55a78162e9c3c17

  • SHA512

    6e578d6231bf1d6ac9cb0b1e01f86682ab8d5a6f2f898971eed300c7fc321ff907757a6f2dc67ec2e974a2c503e8cf9dcf797416b169db5fc41c9af4486ddd70

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFi

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15