General

  • Target

    59471bac048afbc08d7a95e4f1fa48dd_JC.exe

  • Size

    36KB

  • Sample

    230927-trrqfaca9x

  • MD5

    59471bac048afbc08d7a95e4f1fa48dd

  • SHA1

    e03d17ae480f4076760a44c9e87216a71d8b8eb7

  • SHA256

    e1b632fc81503bdf94df0a27a3bb6059d097927a440a2dfde290ae3e454c2253

  • SHA512

    3f85e07493a132dd61e08219d1f79b7895ffda889c8a87e7097260c70cae363d00ffea56d429c69946e317449566c4b1d2d8ecb9908ed825b7f2d806d9fd7c82

  • SSDEEP

    768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dp:TwbYP4nuEApQK4TQbtY2gA9DX+ytBOf

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15