General
-
Target
1605691b05115f2c264077b8319478d7ac634a5d00b1523a76e85fbba9527954N.exe
-
Size
114KB
-
Sample
250120-pks8gaypdj
-
MD5
3e1292d6f57f291d055c9f8eaec244c0
-
SHA1
6095df60681adf6a048d0b1e2ad15e2571f09ae9
-
SHA256
1605691b05115f2c264077b8319478d7ac634a5d00b1523a76e85fbba9527954
-
SHA512
a481fa904d557f9eae09e8e3f50209f147411aaee21122d56d3427d2a33a2e782c30803e71f828dc7f89c8695e1db98763739994c23622acf5c607d694e69b67
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8uRgG:c0hpgz6xGhYJF30Blr0nhoutuRgG
Malware Config
Targets
-
-
Target
1605691b05115f2c264077b8319478d7ac634a5d00b1523a76e85fbba9527954N.exe
-
Size
114KB
-
MD5
3e1292d6f57f291d055c9f8eaec244c0
-
SHA1
6095df60681adf6a048d0b1e2ad15e2571f09ae9
-
SHA256
1605691b05115f2c264077b8319478d7ac634a5d00b1523a76e85fbba9527954
-
SHA512
a481fa904d557f9eae09e8e3f50209f147411aaee21122d56d3427d2a33a2e782c30803e71f828dc7f89c8695e1db98763739994c23622acf5c607d694e69b67
-
SSDEEP
1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8uRgG:c0hpgz6xGhYJF30Blr0nhoutuRgG
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1