General

  • Target

    ad71a9ef02733c8507056b82aa3d54ed

  • Size

    79KB

  • Sample

    231219-1sb5pscadn

  • MD5

    ad71a9ef02733c8507056b82aa3d54ed

  • SHA1

    fdcfd7a9b31daa3b06815c0aa8ebc4e8732fd269

  • SHA256

    1aed112100ecb52dbe26f299139d0d02a31b6bc184abeb37568c6d247c19ce3c

  • SHA512

    2673f62fe670083b052a998573d258b43bef365e91f6cfa548f3a3e2be020a3ab8ceb9c8266554cb5910792cbca0fb825bb16d0945c9ce8d6f9d00a5c713da10

  • SSDEEP

    1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtro8:K0hpgz6xGhTjwHN30BE8

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions. It is normally delivered by a dropper, persists through a Run key, and gives the operator remote command execution, file transfer and the ability to download and run further payloads.

    • Sakula payload

    • Checks computer location settings

      Reads the country code configured in the registry (the per-user locale settings under HKCU\Control Panel\International) before proceeding, most likely a geofence check so the sample does not run on machines in certain countries.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

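The five behaviour signatures listed above describe one chain: a dropper writes an EXE and a DLL, executes the EXE, the payload loads the DLL and registers a Run key, and the dropper's own file is deleted. The following Python is an added example, not part of the sandbox report and not code from the Sakula sample, showing how to correlate Sysmon-style events into that chain so a single alert covers the whole sequence. The events are constructed for the example and trimmed to the fields the correlation needs; the field names (`image`, `target`, `image_loaded`, `details`) are simplifications of Sysmon's own, and the paths and SID are invented.

```python
"""Correlate Sysmon-style events into the dropper chain described by the
report's signatures: dropper writes EXE + DLL, executes the EXE, the payload
loads the DLL and adds a Run key, and the dropper's file is deleted.
Added example for this page; the events below are constructed, not sandbox output."""
from collections import defaultdict

# Substrings identifying autostart keys. Sysmon reports HKU\<SID>\... for
# per-user and HKLM\... for machine-wide keys, so match on the tail only.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)

# Constructed sample (assumed field names). "id" is the Sysmon EventID:
# 1 process create, 7 image load, 11 file create, 13 registry value set,
# 23 file delete.
EVENTS = [
    {"id": 1, "pid": 100, "ppid": 4, "image": r"C:\Users\victim\Downloads\invoice.exe"},
    {"id": 11, "pid": 100, "target": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"id": 11, "pid": 100, "target": r"C:\Users\victim\AppData\Local\Temp\mssvc.dll"},
    {"id": 1, "pid": 200, "ppid": 100, "image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"id": 7, "pid": 200, "image_loaded": r"C:\Users\victim\AppData\Local\Temp\mssvc.dll"},
    {"id": 13, "pid": 200,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "details": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"id": 23, "pid": 200, "target": r"C:\Users\victim\Downloads\invoice.exe"},
    # Benign noise: an unrelated process writing a legitimate Run entry.
    {"id": 1, "pid": 300, "ppid": 4, "image": r"C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe"},
    {"id": 13, "pid": 300,
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]


def new_finding(dropper_image):
    """Empty record for a suspected dropper; stages are filled in as seen."""
    return {"dropper": dropper_image, "executed_dropped_exe": [],
            "loaded_dropped_dll": [], "run_keys": [], "self_deleted": False}


def chain_root(pid, parent_of, findings):
    """Walk up the parent chain to the nearest pid already flagged as a dropper."""
    seen = set()
    while pid is not None and pid not in seen:
        if pid in findings:
            return pid
        seen.add(pid)
        pid = parent_of.get(pid)
    return None


def correlate_dropper_chain(events):
    """Return one finding per process whose written files were later executed
    or loaded by its descendants, recording Run-key persistence and whether
    the dropper's own image was deleted by something in the chain."""
    written = defaultdict(set)   # pid -> lower-cased paths it created
    image_of, parent_of, findings = {}, {}, {}
    for ev in events:
        eid, pid = ev["id"], ev["pid"]
        if eid == 11:
            written[pid].add(ev["target"].lower())
        elif eid == 1:
            image_of[pid], parent_of[pid] = ev["image"], ev["ppid"]
            ppid = ev["ppid"]
            # Executing a file the parent just wrote is the "Executes dropped EXE" stage.
            if ev["image"].lower() in written.get(ppid, ()):
                findings.setdefault(ppid, new_finding(image_of.get(ppid)))
                findings[ppid]["executed_dropped_exe"].append(ev["image"])
        else:
            root = chain_root(pid, parent_of, findings)
            if root is None:
                continue          # not descended from a suspected dropper
            f = findings[root]
            if eid == 7 and ev["image_loaded"].lower() in written[root]:
                f["loaded_dropped_dll"].append(ev["image_loaded"])
            elif eid == 13 and any(m in ev["target"].lower() for m in RUN_KEY_MARKERS):
                f["run_keys"].append((ev["target"], ev["details"]))
            elif eid == 23 and f["dropper"] and ev["target"].lower() == f["dropper"].lower():
                f["self_deleted"] = True
    return list(findings.values())


def full_chain(finding):
    """True when execution of a dropped EXE, Run-key persistence and
    self-deletion are all present for this dropper."""
    return (bool(finding["executed_dropped_exe"])
            and bool(finding["run_keys"])
            and finding["self_deleted"])


if __name__ == "__main__":
    for f in correlate_dropper_chain(EVENTS):
        print("FULL CHAIN" if full_chain(f) else "partial", f)
```

The correlation keys every later stage back to the process that wrote the files, so a payload that persists from a grandchild process is still attributed to the original dropper, and a legitimate installer setting its own Run entry (the OneDrive noise above) produces no finding because nothing it wrote was executed. On a real host the same logic runs over Sysmon EventIDs 1, 7, 11, 13 and 23 pulled from the event log; the file-delete stage needs Sysmon's FileDelete events enabled.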
MITRE ATT&CK Enterprise v15
