General

  • Target

    6ae9d100e1e8715dff6a36e9d95ad16199a158ccf87c835d9df80187cdb30865

  • Size

    35KB

  • Sample

    250702-x2c7kszxgw

  • MD5

    91c18c828ea00e872b13458a0f225a73

  • SHA1

    1e45b733933df3dc557823b27578a0e1f61aab90

  • SHA256

    6ae9d100e1e8715dff6a36e9d95ad16199a158ccf87c835d9df80187cdb30865

  • SHA512

    232a3b33bcbcf083d48608bfb0d25746d472c82538484592ebf5fb08b88231acd47a3cf21006297d53daec081eac7cee133aa3cec67018ec350913ea4189fa7f

  • SSDEEP

    768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647DV:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOj

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks