Overview

overview

10

Static

static

4d21da09b2...f2.exe

windows7_x64

10

4d21da09b2...f2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2

  • Size

    137KB

  • Sample

    220130-y9gqeaabgj

  • MD5

    3f0ba1cd12bab7ba5875d1b02e45dfcf

  • SHA1

    a5dfa8bbf1643274d0ef0902626172019173bf52

  • SHA256

    4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2

  • SHA512

    c221fb23fc92a4d2550defcaea6f422a33e7035506ede6b0193ebc10aab5561e08c8bb7fe38852faf8996e954c6c17e2b66b4600db92e5e5be83d9d79f233884

Score
10/10
sakulapersistencerattrojanupx

Malware Config

Targets

    • Target

      4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2

    • Size

      137KB

    • MD5

      3f0ba1cd12bab7ba5875d1b02e45dfcf

    • SHA1

      a5dfa8bbf1643274d0ef0902626172019173bf52

    • SHA256

      4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2

    • SHA512

      c221fb23fc92a4d2550defcaea6f422a33e7035506ede6b0193ebc10aab5561e08c8bb7fe38852faf8996e954c6c17e2b66b4600db92e5e5be83d9d79f233884

    Score
    10/10
    sakulapersistencerattrojanupx

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks