General

  • Target

    0b980ed39da10a55d451efb072884a33

  • Size

    92KB

  • Sample

    231219-msy3ksgfd5

  • MD5

    0b980ed39da10a55d451efb072884a33

  • SHA1

    b4fa9a8e926891bb64747b89f5ac3ebdfe81505d

  • SHA256

    82373431eb3a1ba42c7b205b04b0bdcb435c9cb896f346730a00326d59f2f106

  • SHA512

    3ee830c21d85e5b666b2da4ebc790c4badd6b508d0246fdc193e7dd077c32a335c31877284510f7facf6e988121ee6cb06418afd45a555309b78401b8398539d

  • SSDEEP

    1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr0:w29DkEGRQixVSjLaes5G30BQ

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.polarroute.com

Targets

    • Target

      0b980ed39da10a55d451efb072884a33

    • Size

      92KB

    • MD5

      0b980ed39da10a55d451efb072884a33

    • SHA1

      b4fa9a8e926891bb64747b89f5ac3ebdfe81505d

    • SHA256

      82373431eb3a1ba42c7b205b04b0bdcb435c9cb896f346730a00326d59f2f106

    • SHA512

      3ee830c21d85e5b666b2da4ebc790c4badd6b508d0246fdc193e7dd077c32a335c31877284510f7facf6e988121ee6cb06418afd45a555309b78401b8398539d

    • SSDEEP

      1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr0:w29DkEGRQixVSjLaes5G30BQ

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks