General
-
Target
993e816aa208b505427f6854ad6fb25f89e6f4822f8d39a7143e5b30ef4fd307
-
Size
100KB
-
Sample
250127-b2p1gsvnfl
-
MD5
5a9f116e7768bab9baa80f8a63a772df
-
SHA1
695e14d28f9c77beec9629627487c73b72e5258d
-
SHA256
993e816aa208b505427f6854ad6fb25f89e6f4822f8d39a7143e5b30ef4fd307
-
SHA512
4ff2c65593d229f9aed6227cabaddecfdd08df76d6ece2d2bc17b80be5dce1814d555ecfa6a9301e98211c0260b86c245771bc971503b3f4d877e106041faeee
-
SSDEEP
1536:soaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtryxJ:H0hpgz6xGhZamyF30BWxJ
Malware Config
Targets
-
-
Target
993e816aa208b505427f6854ad6fb25f89e6f4822f8d39a7143e5b30ef4fd307
-
Size
100KB
-
MD5
5a9f116e7768bab9baa80f8a63a772df
-
SHA1
695e14d28f9c77beec9629627487c73b72e5258d
-
SHA256
993e816aa208b505427f6854ad6fb25f89e6f4822f8d39a7143e5b30ef4fd307
-
SHA512
4ff2c65593d229f9aed6227cabaddecfdd08df76d6ece2d2bc17b80be5dce1814d555ecfa6a9301e98211c0260b86c245771bc971503b3f4d877e106041faeee
-
SSDEEP
1536:soaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtryxJ:H0hpgz6xGhZamyF30BWxJ
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1