General
-
Target
7183c8796c216e78eb9d75b4761e4ea7b049f8251053acd7d372fa5c934cbab7N.exe
-
Size
79KB
-
Sample
241218-kaymzs1mez
-
MD5
6824d0930b817016d8f6deae0bcad120
-
SHA1
931963f5d817823f8f12ae695bea68b18d417b84
-
SHA256
7183c8796c216e78eb9d75b4761e4ea7b049f8251053acd7d372fa5c934cbab7
-
SHA512
4fa164189b9fdee8116ff365d8e2362329ada5df22db03bfe503604bd25d51c5518f843c9d04fc0f4b6ec241c5e82d4db1209e4b52cc5e85b2854b79602e60f3
-
SSDEEP
1536:1oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroy:W0hpgz6xGhTjwHN30BEy
Malware Config
Targets
-
-
Target
7183c8796c216e78eb9d75b4761e4ea7b049f8251053acd7d372fa5c934cbab7N.exe
-
Size
79KB
-
MD5
6824d0930b817016d8f6deae0bcad120
-
SHA1
931963f5d817823f8f12ae695bea68b18d417b84
-
SHA256
7183c8796c216e78eb9d75b4761e4ea7b049f8251053acd7d372fa5c934cbab7
-
SHA512
4fa164189b9fdee8116ff365d8e2362329ada5df22db03bfe503604bd25d51c5518f843c9d04fc0f4b6ec241c5e82d4db1209e4b52cc5e85b2854b79602e60f3
-
SSDEEP
1536:1oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroy:W0hpgz6xGhTjwHN30BEy
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1