Overview

overview

10

Static

static

3

2a7a4068e1...JC.exe

windows7-x64

10

2a7a4068e1...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a7a4068e1a2d11db35bb3fd15a15211_JC.exe

  • Size

    35KB

  • Sample

    230909-qhykvabc61

  • MD5

    2a7a4068e1a2d11db35bb3fd15a15211

  • SHA1

    085c13384357bef2980481584fa6082a9404016f

  • SHA256

    253229a4819d39e944dc993871b92884fc8a41970e329056cc2e54e9d644792f

  • SHA512

    1ec35d05b5b2790248f8784386700beb6060d75df966e3a919880d2df4c3e23dc80585f0af900376e580938ae2b3d01f176735ddbf4a023281320500a8c3ae09

  • SSDEEP

    768:lwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D7:lwbYP4nuEApQK4TQbtY2gA9DX+ytBO5

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      2a7a4068e1a2d11db35bb3fd15a15211_JC.exe

    • Size

      35KB

    • MD5

      2a7a4068e1a2d11db35bb3fd15a15211

    • SHA1

      085c13384357bef2980481584fa6082a9404016f

    • SHA256

      253229a4819d39e944dc993871b92884fc8a41970e329056cc2e54e9d644792f

    • SHA512

      1ec35d05b5b2790248f8784386700beb6060d75df966e3a919880d2df4c3e23dc80585f0af900376e580938ae2b3d01f176735ddbf4a023281320500a8c3ae09

    • SSDEEP

      768:lwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D7:lwbYP4nuEApQK4TQbtY2gA9DX+ytBO5

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks