sakari | 304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c | Triage

Submit
Reports

Overview

overview

Static

static

304a2a17f4...0c.exe

windows7_x64

304a2a17f4...0c.exe

windows10-2004_x64

Sharing

General

Target

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
Size

321KB
Sample

220520-2p86psfgd8
MD5

6f6df11c0814860cc5a4fe7a9db87cc9
SHA1

539bbcc5ec63af4255a65e20ffb1352338cf41d2
SHA256

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
SHA512

82bf7779e05bd6a734e51747f8fa8f879853c9869f88ecc0f7bf6bf13aeacdd47e7c506b9dde688c955c1f688f2889f8a8c92d263fcb411ec8663a43fe6ce31c

Score

10^/10

sakari evasion spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c.exe

Resource

win7-20220414-en

sakari evasion spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c.exe

Resource

win10v2004-20220414-en

sakari evasion spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
- Size
  
  321KB
- MD5
  
  6f6df11c0814860cc5a4fe7a9db87cc9
- SHA1
  
  539bbcc5ec63af4255a65e20ffb1352338cf41d2
- SHA256
  
  304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
- SHA512
  
  82bf7779e05bd6a734e51747f8fa8f879853c9869f88ecc0f7bf6bf13aeacdd47e7c506b9dde688c955c1f688f2889f8a8c92d263fcb411ec8663a43fe6ce31c
Score

10^/10

sakari evasion spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies security service
  evasion
- sakari
  Sakari is a stealer written in C#.
  spyware stealer sakari
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakarievasionspywarestealertrojan

behavioral2

sakarievasionspywarestealertrojan

© 2018-2024

Terms | Privacy