General
-
Target
507494814bcbd736b1c8d21647bacea62b63024c31ef85c1e8b20bd556d06c28N.exe
-
Size
114KB
-
Sample
241226-ps8m5avrfz
-
MD5
c1767a56b61c46be7939b27635d21cd0
-
SHA1
bfec53bc8938accbd9076ad2100bda58ccab22f8
-
SHA256
507494814bcbd736b1c8d21647bacea62b63024c31ef85c1e8b20bd556d06c28
-
SHA512
407c8bf96cd5cced2b76ec34d0786688879a22e6f134b727a71d369f093df30ca0503c43f640283487a5d3b82a9a61b6b0bacc6ae700839549222abddc6c5677
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgb:c0hpgz6xGhYJF30Blr0nhoutTRgb
Malware Config
Targets
-
-
Target
507494814bcbd736b1c8d21647bacea62b63024c31ef85c1e8b20bd556d06c28N.exe
-
Size
114KB
-
MD5
c1767a56b61c46be7939b27635d21cd0
-
SHA1
bfec53bc8938accbd9076ad2100bda58ccab22f8
-
SHA256
507494814bcbd736b1c8d21647bacea62b63024c31ef85c1e8b20bd556d06c28
-
SHA512
407c8bf96cd5cced2b76ec34d0786688879a22e6f134b727a71d369f093df30ca0503c43f640283487a5d3b82a9a61b6b0bacc6ae700839549222abddc6c5677
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgb:c0hpgz6xGhYJF30Blr0nhoutTRgb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1