General

  • Target

    859688c36fe52eea9dc010b3d8f95434

  • Size

    4.0MB

  • Sample

    231219-x98y8afgh4

  • MD5

    859688c36fe52eea9dc010b3d8f95434

  • SHA1

    8a4f9775b367b95a4dcb5a8167b3e11ce35cc771

  • SHA256

    4abf740c48f45def0f1edb3e436d6ffba7ed2365f2dabec48a45d00e96b86c6a

  • SHA512

    4b536dfe5b2aad71a21c310d6dc719d1d84f244fe053fbf40a24d38023fd0682ab04596b746e1fae2025c868c6ea4a11a62c92f8781777abe96f795c9123d9d0

  • SSDEEP

    24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY2:DD2Z1qT3Zz888QCwRO/wT/aY2

Malware Config

Targets

    • Target

      859688c36fe52eea9dc010b3d8f95434

    • Sakula

      Sakula (also tracked as Sakurel and VIPER) is a remote access trojan. It talks to its command-and-control server over HTTP and can download and execute additional files and run commands on the infected host; it has been associated with targeted intrusions attributed to the Deep Panda group.

    • Sakula payload

      A file written to disk during the run matches the Sakula payload signature.

    • Checks computer location settings

      Reads the country/locale values under HKCU\Control Panel\International (notably Geo\Nation). This is the usual shape of a geofence: the sample compares the configured country against an allow- or deny-list and exits, or changes behaviour, on a match. When reproducing the run, note which value is read and whether execution continues after the locale is changed.

    • Deletes itself

      The original executable removes its own file after dropping its payload, so on a victim host the dropper is usually gone and only the dropped files and persistence entries remain.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under a ...\Software\Microsoft\Windows\CurrentVersion\Run key so the dropped payload is started at logon (MITRE ATT&CK T1547.001, Registry Run Keys / Startup Folder).

MITRE ATT&CK Enterprise v15

Tasks