General
-
Target
5540be2ef9937735cbcfeac74728faee3eb30bd4f5441df4df3cff8d19dd6b8d.exe
-
Size
912KB
-
Sample
250116-z9plpazlcs
-
MD5
b4cfa21f7e89d8297393c1a8f4d5419f
-
SHA1
260d9b253c7808d81cc2990132fb81adc0aba81a
-
SHA256
5540be2ef9937735cbcfeac74728faee3eb30bd4f5441df4df3cff8d19dd6b8d
-
SHA512
dcb6b9876597663aeea1a60ef1f9e928ca604a1550069958649dcd2b38e6ce610585e93cc87246dfbb18ab06893f0ba09df06a53841bfed878966ef8ff3b4bdb
-
SSDEEP
12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5f1bYQog9hVn454E4CiW:g4+wlYBsb3zNs5f1bYInVn454EgW
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
5540be2ef9937735cbcfeac74728faee3eb30bd4f5441df4df3cff8d19dd6b8d.exe
-
Size
912KB
-
MD5
b4cfa21f7e89d8297393c1a8f4d5419f
-
SHA1
260d9b253c7808d81cc2990132fb81adc0aba81a
-
SHA256
5540be2ef9937735cbcfeac74728faee3eb30bd4f5441df4df3cff8d19dd6b8d
-
SHA512
dcb6b9876597663aeea1a60ef1f9e928ca604a1550069958649dcd2b38e6ce610585e93cc87246dfbb18ab06893f0ba09df06a53841bfed878966ef8ff3b4bdb
-
SSDEEP
12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5f1bYQog9hVn454E4CiW:g4+wlYBsb3zNs5f1bYInVn454EgW
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1