General

  • Target

    7593d76e52f62535f1d3c2fa345163a7

  • Size

    58KB

  • Sample

    231219-wyvrsacdhq

  • MD5

    7593d76e52f62535f1d3c2fa345163a7

  • SHA1

    9923f233b7e31cc043ab0cea9aaefcb6648575f7

  • SHA256

    b9548283515d6e27b89ccef357e8ddda9e07d1a1687ea1ad07e8d6fa092c0164

  • SHA512

    936636d30bb5ba7be54c718cdbdd1fb63671c65df937da8f8434648e01b33ebd96f9fcbb14b5a9413e867317d3d060c9eecbd834dbe3592e7e1278add59f95ef

  • SSDEEP

    1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/p:iEoIlwIguEA4c5DgA9DOyq0eFR

Targets

    • Target

      7593d76e52f62535f1d3c2fa345163a7

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
