General
-
Target
fd5aa2b28af75983558c629e1ff49bce16ef3516211f70e24c261cc27e07fe4b
-
Size
43KB
-
Sample
250222-lpkv4svn17
-
MD5
c90fee8351b846357e022d1213be9151
-
SHA1
578b8b849df990f70cf4dc04b94f5a2befd54a9c
-
SHA256
fd5aa2b28af75983558c629e1ff49bce16ef3516211f70e24c261cc27e07fe4b
-
SHA512
4f5fa8c6d81323791e436a07ca108a219ecb824dcf16a438634dd2167dc2bdfc515692d87d6cfff2316d3f504ee1faab708046c068cd94dd75697ceea85f7546
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqF:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8D
Malware Config
Targets
-
-
Target
fd5aa2b28af75983558c629e1ff49bce16ef3516211f70e24c261cc27e07fe4b
-
Size
43KB
-
MD5
c90fee8351b846357e022d1213be9151
-
SHA1
578b8b849df990f70cf4dc04b94f5a2befd54a9c
-
SHA256
fd5aa2b28af75983558c629e1ff49bce16ef3516211f70e24c261cc27e07fe4b
-
SHA512
4f5fa8c6d81323791e436a07ca108a219ecb824dcf16a438634dd2167dc2bdfc515692d87d6cfff2316d3f504ee1faab708046c068cd94dd75697ceea85f7546
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqF:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8D
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1