General

  • Target

    5cbcaeb100ac4d68cc8cfba62855226a9240fccb0f686d5fb81b5c6f297bff8c

  • Size

    43KB

  • Sample

    241229-23wgrszlft

  • MD5

    a94be21dc0824612ff2a08a72f6ed4e8

  • SHA1

    704680ffb9aa8687319ca9730901489b94ac01e8

  • SHA256

    5cbcaeb100ac4d68cc8cfba62855226a9240fccb0f686d5fb81b5c6f297bff8c

  • SHA512

    4f0ce71122f54e7a14dd8e41f03d2d2ffebce76cd7f34d469be60a97637797d62ee10673b6cd7930472a051288e7be4a5ec20c59fd19c61d6336f5d7e8e60293

  • SSDEEP

    768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqd:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8f

Malware Config

Targets

    • Target

      5cbcaeb100ac4d68cc8cfba62855226a9240fccb0f686d5fb81b5c6f297bff8c

    • Size

      43KB

    • MD5

      a94be21dc0824612ff2a08a72f6ed4e8

    • SHA1

      704680ffb9aa8687319ca9730901489b94ac01e8

    • SHA256

      5cbcaeb100ac4d68cc8cfba62855226a9240fccb0f686d5fb81b5c6f297bff8c

    • SHA512

      4f0ce71122f54e7a14dd8e41f03d2d2ffebce76cd7f34d469be60a97637797d62ee10673b6cd7930472a051288e7be4a5ec20c59fd19c61d6336f5d7e8e60293

    • SSDEEP

      768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqd:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8f

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks