General

  • Target

    b6aa7d0f474b2431b2064a03f8606dcedbcde6eab20da10ef8034f9f9512f8f1

  • Size

    36KB

  • Sample

    241217-cszc8sylap

  • MD5

    760590931ba42094c53c80bed40b2d60

  • SHA1

    9240af64675f969302d7d2c8738a726b69fec49b

  • SHA256

    b6aa7d0f474b2431b2064a03f8606dcedbcde6eab20da10ef8034f9f9512f8f1

  • SHA512

    1914456957f7d04e1db05918d45273525a929cdc525e66dc91f9019e08d3242197224a7a755575e58c7f992573dd733c07969f55b342577f3892b90e1ecdb1e8

  • SSDEEP

    768:lwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D4:lwbYP4nuEApQK4TQbtY2gA9DX+ytBOe

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
