General
- Target: b241217e08af483a1f38a5ef787cd229d6a68fa3ad39de09ed3284b210ebb284.exe
- Size: 43KB
- Sample: 250117-ljje4a1rdm
- MD5: 31eacd82fe467cd58ce600892647b2bd
- SHA1: 8cef49de4feff409810e11a06dd81d75cfb34be4
- SHA256: b241217e08af483a1f38a5ef787cd229d6a68fa3ad39de09ed3284b210ebb284
- SHA512: 9fe3e9f32b5816af95b807590e501b1c8beb042c3261e3a57fc216ba38f43911c628d0e7d7ef885e34473ec981a8bc38e237be08a329b61462022bfcd643c0d1
- SSDEEP: 768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq6:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8A
Behavioral task
- behavioral1
- Sample: b241217e08af483a1f38a5ef787cd229d6a68fa3ad39de09ed3284b210ebb284.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: b241217e08af483a1f38a5ef787cd229d6a68fa3ad39de09ed3284b210ebb284.exe (43KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Sakula family
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Privilege Escalation: Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)