General

  • Target

    3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037

  • Size

    5.5MB

  • Sample

    230807-jz5l6aff21

  • MD5

    b754f770ce9f4583b64fcf321bb150cf

  • SHA1

    65481e1292d110684ac23ba03d0059a114a90809

  • SHA256

    3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037

  • SHA512

    9ada07124881defadc7c83480eb68fd39d3754a448534a1b00ce30e2a00d30173aaf2be0c2e9a084f521bdb14f37a915cdaf6cab26ae736f287ae7a478959061

  • SSDEEP

    6144:H29qRfVSndj30Bk+ZSyPhlpUnSYK062o+J8+J4+JZ+JQ+J9J1+J9J++J9J2Ju+Jq:TRfQnBWkyBGr

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
