General

  • Target

    3a7fc3db6d5a6a5deb66ee0d55f9d884c9b47ad99c9c4f671746bbb39e4f2d41

  • Size

    35KB

  • Sample

    250702-x51r2s1k14

  • MD5

    a7d2fd25bade28c1bc32efcdd609341e

  • SHA1

    764c17f623ee03abb4da2816beed8a1516815887

  • SHA256

    3a7fc3db6d5a6a5deb66ee0d55f9d884c9b47ad99c9c4f671746bbb39e4f2d41

  • SHA512

    38a577a5383c2c669d83bf15bf53267d86dbdc130b4f3ab6c812def2174f6676449149c4b6196576c2cc679202622bd461da7ac1fb7c617223296997f4cc89a7

  • SSDEEP

    768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dp:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOn

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks