General

  • Target

    912b0c8d59b80434cc62948de13a14ab

  • Size

    321KB

  • Sample

    231219-y2h89scccm

  • MD5

    912b0c8d59b80434cc62948de13a14ab

  • SHA1

    6654e387088d0400d91041069af6424691e32d08

  • SHA256

    7f6b5f681f1d51021517b4406e5477bb196a49469846422e760adaa5ffb29790

  • SHA512

    dd5e0d0ea285796ace9a6a25caa758391f9893d5fa214d8e0288f5974216dab8fe7109a9dd3b34ea75e4d42f1d2f975c6ba5b9a50f600ce5bbb7739a6191dc30

  • SSDEEP

    1536:aoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJX:F0hpgz6xGhTjwHN30BE8BsZhf

Malware Config

Targets

    • Target

      912b0c8d59b80434cc62948de13a14ab

    • Size

      321KB

    • MD5

      912b0c8d59b80434cc62948de13a14ab

    • SHA1

      6654e387088d0400d91041069af6424691e32d08

    • SHA256

      7f6b5f681f1d51021517b4406e5477bb196a49469846422e760adaa5ffb29790

    • SHA512

      dd5e0d0ea285796ace9a6a25caa758391f9893d5fa214d8e0288f5974216dab8fe7109a9dd3b34ea75e4d42f1d2f975c6ba5b9a50f600ce5bbb7739a6191dc30

    • SSDEEP

      1536:aoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJX:F0hpgz6xGhTjwHN30BE8BsZhf

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks