General
-
Target
828fe990bf5f2a6bc95e105b306ddc922d08ec558ccc622c842687686aae88e5.exe
-
Size
43KB
-
Sample
250107-lf1vzavmfs
-
MD5
91f7ac93c9f17621e40244f38750f346
-
SHA1
534779a8c74ea87b773781302e2b9b9e4f2fe0c1
-
SHA256
828fe990bf5f2a6bc95e105b306ddc922d08ec558ccc622c842687686aae88e5
-
SHA512
8c5346b30dac6cf31750f3d63769aaca6b8dd2945f4ddb736f96d6ed0f81a89255e752dc1d161b825f0e92d4c11047748cd7d1e875ec011ac87d256b3ea4dd1f
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqa:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8U
Malware Config
Targets
-
-
Target
828fe990bf5f2a6bc95e105b306ddc922d08ec558ccc622c842687686aae88e5.exe
-
Size
43KB
-
MD5
91f7ac93c9f17621e40244f38750f346
-
SHA1
534779a8c74ea87b773781302e2b9b9e4f2fe0c1
-
SHA256
828fe990bf5f2a6bc95e105b306ddc922d08ec558ccc622c842687686aae88e5
-
SHA512
8c5346b30dac6cf31750f3d63769aaca6b8dd2945f4ddb736f96d6ed0f81a89255e752dc1d161b825f0e92d4c11047748cd7d1e875ec011ac87d256b3ea4dd1f
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqa:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8U
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1