General

  • Target

    7a31c80eff4d6b2430289524041ba736a81f372ee288c88f5cb39c0af0b6ab36

  • Size

    35KB

  • Sample

    250702-x5qxva1kz2

  • MD5

    ae5155132ec4821665982a0e6d7fca0c

  • SHA1

    b692086f50158d21b3cefa502816a25a2de2c222

  • SHA256

    7a31c80eff4d6b2430289524041ba736a81f372ee288c88f5cb39c0af0b6ab36

  • SHA512

    e1d372de56cfb6387bffd339df5785f964c0c37351855293f7f68bd3adfb5ff8cd83f43bdd752c251609b8bd555b7e816c6240b3d87a5dd41fa7f8028f5b356c

  • SSDEEP

    768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D6:3wbYP4nuEApQK4TQbtY2gA9DX+ytBO4

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks