General
-
Target
c51bb520ccf924b0392c601462bb702c0e0368c34b24d80838c11d964cbf7515
-
Size
43KB
-
Sample
241205-c1g4xstpfz
-
MD5
5095cc6dd78e6c880d1de023e7625990
-
SHA1
324014f471c23c539b3dd6b20a4fee564e13543a
-
SHA256
c51bb520ccf924b0392c601462bb702c0e0368c34b24d80838c11d964cbf7515
-
SHA512
8b768e04f90d8fc63bfd7c3656d1af9452d3a632365ace5932f99fcc0dc8a9c9ef333975168f68b28d928ec8d60a25a3f133e7e68db5b47194f5bc064c4cb7c3
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqm:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8A
Malware Config
Targets
-
-
Target
c51bb520ccf924b0392c601462bb702c0e0368c34b24d80838c11d964cbf7515
-
Size
43KB
-
MD5
5095cc6dd78e6c880d1de023e7625990
-
SHA1
324014f471c23c539b3dd6b20a4fee564e13543a
-
SHA256
c51bb520ccf924b0392c601462bb702c0e0368c34b24d80838c11d964cbf7515
-
SHA512
8b768e04f90d8fc63bfd7c3656d1af9452d3a632365ace5932f99fcc0dc8a9c9ef333975168f68b28d928ec8d60a25a3f133e7e68db5b47194f5bc064c4cb7c3
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqm:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8A
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1