General

  • Target

    df83f978faefe85ecba70057b565eb6a4e2dc88712dbeb1726bd79807773ff9b

  • Size

    35KB

  • Sample

    250702-xzg3ra1ky4

  • MD5

    43015603d5329ca5f075863e537f0fd7

  • SHA1

    c8718a06961f61f8d53158a4c7fd630e31dba684

  • SHA256

    df83f978faefe85ecba70057b565eb6a4e2dc88712dbeb1726bd79807773ff9b

  • SHA512

    b071aaf7fcf6d018aedb8619f9f8e7f436a08ca97593da71421f38e18d22171684516789a51302a1f64ab2aa0a3542d660dac9ae0fd15a7e884d23f09e10ad25

  • SSDEEP

    768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D/:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOB

Malware Config

Targets

    • Target

      df83f978faefe85ecba70057b565eb6a4e2dc88712dbeb1726bd79807773ff9b

    • Size

      35KB

    • MD5

      43015603d5329ca5f075863e537f0fd7

    • SHA1

      c8718a06961f61f8d53158a4c7fd630e31dba684

    • SHA256

      df83f978faefe85ecba70057b565eb6a4e2dc88712dbeb1726bd79807773ff9b

    • SHA512

      b071aaf7fcf6d018aedb8619f9f8e7f436a08ca97593da71421f38e18d22171684516789a51302a1f64ab2aa0a3542d660dac9ae0fd15a7e884d23f09e10ad25

    • SSDEEP

      768:3wbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D/:3wbYP4nuEApQK4TQbtY2gA9DX+ytBOB

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks