Overview

overview

10

Static

static

10

137f0c2e4a...60.exe

windows7-x64

10

137f0c2e4a...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    137f0c2e4aeaae6f8aa9db92d8aa3a60

  • Size

    3.6MB

  • Sample

    231219-nh81gabebk

  • MD5

    137f0c2e4aeaae6f8aa9db92d8aa3a60

  • SHA1

    bb77f8eafe90ccf456015f47432b5dfbe75e2bda

  • SHA256

    0791f8ccc942d42d4766e569670f0f9071e97109f43371fc8b9d8af09ada05b0

  • SHA512

    edf5d8628516b0c4207d3082510bdf0039f43788bfb413166a50d59464ce3f2c43ca899d7a9d3fd2114bdb44d164770d76a5e67e19de105fba875613d0e0cfe9

  • SSDEEP

    49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIF:oU6eUNZZJHsH/

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      137f0c2e4aeaae6f8aa9db92d8aa3a60

    • Size

      3.6MB

    • MD5

      137f0c2e4aeaae6f8aa9db92d8aa3a60

    • SHA1

      bb77f8eafe90ccf456015f47432b5dfbe75e2bda

    • SHA256

      0791f8ccc942d42d4766e569670f0f9071e97109f43371fc8b9d8af09ada05b0

    • SHA512

      edf5d8628516b0c4207d3082510bdf0039f43788bfb413166a50d59464ce3f2c43ca899d7a9d3fd2114bdb44d164770d76a5e67e19de105fba875613d0e0cfe9

    • SSDEEP

      49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIF:oU6eUNZZJHsH/

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks