General

  • Target

    5bface997340b7f22bd2ec56e44bb5a06b2f578d1b62b2cf2dbfa886b0471dab

  • Size

    35KB

  • Sample

    250702-x5z6hs1k13

  • MD5

    55143e725379e104c2eb1cb142174d79

  • SHA1

    fb022b589774711b1f62907ec359182ea96fe2b0

  • SHA256

    5bface997340b7f22bd2ec56e44bb5a06b2f578d1b62b2cf2dbfa886b0471dab

  • SHA512

    8a571f7e5c858f6c3cb7c862abce112a7dc2899ab05136438b836fc19c3bfd925b07bede29a4c26ac206574da6b12926f7fd0b519798eacb5874b0bb382682c1

  • SSDEEP

    768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dz:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOh

Malware Config

Targets

    • Target

      5bface997340b7f22bd2ec56e44bb5a06b2f578d1b62b2cf2dbfa886b0471dab

    • Size

      35KB

    • MD5

      55143e725379e104c2eb1cb142174d79

    • SHA1

      fb022b589774711b1f62907ec359182ea96fe2b0

    • SHA256

      5bface997340b7f22bd2ec56e44bb5a06b2f578d1b62b2cf2dbfa886b0471dab

    • SHA512

      8a571f7e5c858f6c3cb7c862abce112a7dc2899ab05136438b836fc19c3bfd925b07bede29a4c26ac206574da6b12926f7fd0b519798eacb5874b0bb382682c1

    • SSDEEP

      768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dz:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOh

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks