General
-
Target
c3f0481c1d0a220bdbfd73bce486d5c95a7b94b3c80bc16020d6a7e382645c16.exe
-
Size
114KB
-
Sample
241226-y6rq7symdl
-
MD5
7633a0292809144cab6a46acf43edba8
-
SHA1
840b294d8d0987ba134de93b179b3f4ee399c665
-
SHA256
c3f0481c1d0a220bdbfd73bce486d5c95a7b94b3c80bc16020d6a7e382645c16
-
SHA512
8e24a17fdff8157566a9ad8d813612792df9d2ff4cfd67253f2a53e162ec4b2faa0878fefeecddeca54568cb0fd914a389974d452c053ee00075fe3a375da28e
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgD:c0hpgz6xGhYJF30Blr0nhoutTRgD
Malware Config
Targets
-
-
Target
c3f0481c1d0a220bdbfd73bce486d5c95a7b94b3c80bc16020d6a7e382645c16.exe
-
Size
114KB
-
MD5
7633a0292809144cab6a46acf43edba8
-
SHA1
840b294d8d0987ba134de93b179b3f4ee399c665
-
SHA256
c3f0481c1d0a220bdbfd73bce486d5c95a7b94b3c80bc16020d6a7e382645c16
-
SHA512
8e24a17fdff8157566a9ad8d813612792df9d2ff4cfd67253f2a53e162ec4b2faa0878fefeecddeca54568cb0fd914a389974d452c053ee00075fe3a375da28e
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgD:c0hpgz6xGhYJF30Blr0nhoutTRgD
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1