General
-
Target
1844ab8b396b222b7153604413497ae78e7a8ef333f3951a7556996e3b1d11f2.exe
-
Size
43KB
-
Sample
241222-d1ppfa1qgs
-
MD5
a049de1049484c72e57c24b56c36aebe
-
SHA1
79a9e86c729f97bf4b54fef79bb0bb350db9e4d6
-
SHA256
1844ab8b396b222b7153604413497ae78e7a8ef333f3951a7556996e3b1d11f2
-
SHA512
11f5164fcf00b8bf938dba87185a59153c0f016695bcaf0f69db4ed3af047f24407b749c69bf64c53c47adaaf4389464ee91fe69e1c624947644e9fe117b7c55
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqe:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8E
Malware Config
Targets
-
-
Target
1844ab8b396b222b7153604413497ae78e7a8ef333f3951a7556996e3b1d11f2.exe
-
Size
43KB
-
MD5
a049de1049484c72e57c24b56c36aebe
-
SHA1
79a9e86c729f97bf4b54fef79bb0bb350db9e4d6
-
SHA256
1844ab8b396b222b7153604413497ae78e7a8ef333f3951a7556996e3b1d11f2
-
SHA512
11f5164fcf00b8bf938dba87185a59153c0f016695bcaf0f69db4ed3af047f24407b749c69bf64c53c47adaaf4389464ee91fe69e1c624947644e9fe117b7c55
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqe:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8E
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1