General

  • Target

    08c1af6e6884de0651229437ebe83fb0_JC.exe

  • Size

    99KB

  • Sample

    230927-vycerscg5z

  • MD5

    08c1af6e6884de0651229437ebe83fb0

  • SHA1

    700106680d5aaab9f54b22d9fc6e1e49ec39fd0c

  • SHA256

    ee79d61bc66889174edd9533d7ab5aeb9b098b562ce0598bb3c5aa60495ce764

  • SHA512

    23d0b90585b9182c58bc67fe2b4dd28a4e6017e9f99eb9572857dc8a8779474ca7b855c28622149cc61f59015d9b2975f96d9a8f21f975e79e0226f6b647aa7c

  • SSDEEP

    1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrMx:c0hpgz6xGhZamyF30Bgx
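The hash set above is what identifies this sample; before acting on the report (blocking, hunting, or re-analysing), confirm that the file in hand is the same object. The following helper is an added example, not code from the sandbox report or from the Sakula analysis: it recomputes MD5, SHA1, SHA256 and SHA512 of a file or byte string and compares them against the values copied from this page. The hash constants are the report's own; the file path in the usage block and the byte strings used for testing are assumptions.

```python
"""Check a local copy of 08c1af6e6884de0651229437ebe83fb0_JC.exe against the
hashes published in the report. Added example, not part of the original
report. Only the REPORTED values are taken from the page; the sample path
and any test data are assumed."""
import hashlib
import sys

# Hash values exactly as listed in the report (copied from the page).
REPORTED = {
    "md5": "08c1af6e6884de0651229437ebe83fb0",
    "sha1": "700106680d5aaab9f54b22d9fc6e1e49ec39fd0c",
    "sha256": "ee79d61bc66889174edd9533d7ab5aeb9b098b562ce0598bb3c5aa60495ce764",
    "sha512": (
        "23d0b90585b9182c58bc67fe2b4dd28a4e6017e9f99eb9572857dc8a8779474c"
        "a7b855c28622149cc61f59015d9b2975f96d9a8f21f975e79e0226f6b647aa7c"
    ),
}


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of data for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file incrementally so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(observed: dict, reported: dict = REPORTED) -> dict:
    """Map each algorithm to True/False; hex compare is case-insensitive."""
    return {
        name: observed.get(name, "").lower() == reported[name].lower()
        for name in reported
    }


def matches_report(observed: dict, reported: dict = REPORTED) -> bool:
    """True only when every reported hash agrees.

    A partial match (e.g. MD5 agrees but SHA256 does not) should be treated
    as a different or corrupted file, never as a confirmed match."""
    return all(compare(observed, reported).values())


if __name__ == "__main__":
    # Assumed usage: python check_sample.py 08c1af6e6884de0651229437ebe83fb0_JC.exe
    sample_path = sys.argv[1] if len(sys.argv) > 1 else "sample.exe"
    digests = hash_file(sample_path)
    for name, ok in compare(digests).items():
        print(f"{name:7} {'match' if ok else 'MISMATCH'}  {digests[name]}")
    print("verdict:", "same sample" if matches_report(digests) else "NOT the reported sample")
```

Run it against the file you intend to submit or block; a single disagreeing digest is enough to reject the identification, which is why the verdict requires all four to match rather than any one of them.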

Malware Config

Targets

    • Target

      08c1af6e6884de0651229437ebe83fb0_JC.exe

    • Size

      99KB

    • MD5

      08c1af6e6884de0651229437ebe83fb0

    • SHA1

      700106680d5aaab9f54b22d9fc6e1e49ec39fd0c

    • SHA256

      ee79d61bc66889174edd9533d7ab5aeb9b098b562ce0598bb3c5aa60495ce764

    • SHA512

      23d0b90585b9182c58bc67fe2b4dd28a4e6017e9f99eb9572857dc8a8779474ca7b855c28622149cc61f59015d9b2975f96d9a8f21f975e79e0226f6b647aa7c

    • SSDEEP

      1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrMx:c0hpgz6xGhZamyF30Bgx

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofence check that decides whether the payload runs based on the victim's locale.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks