General

  • Target

    6d8032357e664749d95c74c3cc618231

  • Size

    3.6MB

  • Sample

    231219-wbfpcafggn

  • MD5

    6d8032357e664749d95c74c3cc618231

  • SHA1

    ea0f06dc70bd88554e2231d8a9e8545e40dc4df1

  • SHA256

    2cca320792270200228141c046006de65a23d2d75ae736216d27d7b1f6161b6a

  • SHA512

    4eed9e97c4e9e5cca3c71fce9bbb0880e9c9fa36b8db9e55f95bdab7a536b8e410bd223e5723d5ae54e6850ec896fcd1977911f7edf74c6288d3a0f01d45abac

  • SSDEEP

    49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIN:oU6eUNZZJHsHr

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
