General

  • Target

    a8fc248b4910ff0e354dfb49b7101288

  • Size

    150KB

  • Sample

    231219-1h82pacch3

  • MD5

    a8fc248b4910ff0e354dfb49b7101288

  • SHA1

    851a60fce87cc6ac73f16e073a14f067c8b73048

  • SHA256

    1f791301a581f8d2399669541efd67d998a8198fb3f74ee981df4f84e2e28cd9

  • SHA512

    71a7021870787c62fece14a577fa9e5314700b37e121ee1fbdbc5940b512139d562d609578b7ca0ac2d063877727c5741fb6ad3a3fb721f50cf18af8bba7dcb4

  • SSDEEP

    3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInwE:H29qRfVSnt30Bbt+IhDFE

Malware Config (Extracted)

  • Family

    sakula

  • C2

    www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
