General
-
Target
f2e7ec13b0a664a438cb4fc3a9d88397fe5caee61c66982a7cf75fa5339ebefdN.exe
-
Size
92KB
-
Sample
241217-hz84xatnas
-
MD5
e6311be934bcb2b135751c3d5b99cfa0
-
SHA1
7f733b1f0bc727580dce95dc58b4d951a1050710
-
SHA256
f2e7ec13b0a664a438cb4fc3a9d88397fe5caee61c66982a7cf75fa5339ebefd
-
SHA512
6e9ecb6821291c2bf661bb71fe3a61d894de14ebc8b3590ac3f70f0d9855be89f1d9b46847c74e99a72f762e655c6a37e538173603ce05687124e1d3f3075780
-
SSDEEP
1536:R7M3BhP/E9y9f/zMGv/4P6bR1ik5J/lEuU0Ay2s+eHxCEtkz30rtr5:O3BN+IfRO6bRnlZAvHcxCEtg30Bt
Malware Config
Targets
-
-
Target
f2e7ec13b0a664a438cb4fc3a9d88397fe5caee61c66982a7cf75fa5339ebefdN.exe
-
Size
92KB
-
MD5
e6311be934bcb2b135751c3d5b99cfa0
-
SHA1
7f733b1f0bc727580dce95dc58b4d951a1050710
-
SHA256
f2e7ec13b0a664a438cb4fc3a9d88397fe5caee61c66982a7cf75fa5339ebefd
-
SHA512
6e9ecb6821291c2bf661bb71fe3a61d894de14ebc8b3590ac3f70f0d9855be89f1d9b46847c74e99a72f762e655c6a37e538173603ce05687124e1d3f3075780
-
SSDEEP
1536:R7M3BhP/E9y9f/zMGv/4P6bR1ik5J/lEuU0Ay2s+eHxCEtkz30rtr5:O3BN+IfRO6bRnlZAvHcxCEtg30Bt
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1