General
-
Target
40a8c94522288a73f77ab5f3df05eebf4b0e8c5a50dfbbef2c5d3ee6a3702190
-
Size
43KB
-
Sample
250102-12zmcsxnct
-
MD5
879f1a9aa5e5897c65322fc69bcd1972
-
SHA1
1805bba379aa91c094e6480084fbc5ad1d76ae15
-
SHA256
40a8c94522288a73f77ab5f3df05eebf4b0e8c5a50dfbbef2c5d3ee6a3702190
-
SHA512
d6c0308b91ad36d3e9790c847df8eeb9d19a7b71e8fa8924547fd8fdb17fe40407c3a21b0d93b3760ca876bdd6691ad7c5f906484829d9270c49ffd52f071b43
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqM:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8S
Malware Config
Targets
-
-
Target
40a8c94522288a73f77ab5f3df05eebf4b0e8c5a50dfbbef2c5d3ee6a3702190
-
Size
43KB
-
MD5
879f1a9aa5e5897c65322fc69bcd1972
-
SHA1
1805bba379aa91c094e6480084fbc5ad1d76ae15
-
SHA256
40a8c94522288a73f77ab5f3df05eebf4b0e8c5a50dfbbef2c5d3ee6a3702190
-
SHA512
d6c0308b91ad36d3e9790c847df8eeb9d19a7b71e8fa8924547fd8fdb17fe40407c3a21b0d93b3760ca876bdd6691ad7c5f906484829d9270c49ffd52f071b43
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqM:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8S
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1