General

  • Target

    bb13440e420c51a76dc5d4c688c69abd

  • Size

    92KB

  • Sample

    231220-q1jjmshhfk

  • MD5

    bb13440e420c51a76dc5d4c688c69abd

  • SHA1

    dae86a5db56ea239a1e238bd5d896e203a465f4f

  • SHA256

    988d17354a90464443e357fa7f48c3330f497050c2c0830d9fbd73f327a83dd7

  • SHA512

    f447aa55f48b6f7b3e0c9cc1c1e47ed61460fa8e6dd0b517e83f6634e917f4ac1b3148eedf67db01a37a530494e5efc42e494800d75714db2f7caf98b9314198

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrQ:9bfVk29te2jqxCEtg30BE

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com
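
The hashes under General and the C2 hostname above are the report's actionable indicators. The following script is an added example, not part of the report or of any Triage tooling: it computes every digest the report lists for a candidate file and sweeps a DNS log for lookups of the C2 host (or any label under it). The log format and the log lines are constructed for the example; the hash and hostname values are copied from the report.

```python
import hashlib

# Indicators copied from the report above (the sample's hashes and the
# extracted Sakula C2 hostname).
IOC_HASHES = {
    "md5": "bb13440e420c51a76dc5d4c688c69abd",
    "sha1": "dae86a5db56ea239a1e238bd5d896e203a465f4f",
    "sha256": "988d17354a90464443e357fa7f48c3330f497050c2c0830d9fbd73f327a83dd7",
    "sha512": "f447aa55f48b6f7b3e0c9cc1c1e47ed61460fa8e6dd0b517e83f6634e917f4ac1b3148eedf67db01a37a530494e5efc42e494800d75714db2f7caf98b9314198",
}
IOC_C2_HOSTS = {"www.savmpet.com"}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so a candidate file can be
    compared against all of them at once."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matching_algorithms(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's value.
    An empty list means the file is not this sample (or has been modified)."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in digests.items() if value == IOC_HASHES[alg])


def normalise_host(name: str) -> str:
    # DNS names are case-insensitive and many logs keep the trailing dot.
    return name.strip().rstrip(".").lower()


def host_in_scope(qname: str) -> bool:
    """True if the queried name is the C2 host itself or a label under it.
    The parent domain (savmpet.com) is deliberately not matched here."""
    q = normalise_host(qname)
    return any(q == c2 or q.endswith("." + c2) for c2 in IOC_C2_HOSTS)


def scan_dns_log(lines):
    """Return (timestamp, client, qname) for each query that hits the C2.
    Line format is constructed for this example, not a real product's log:
    '<timestamp> <client-ip> <qtype> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crashing
        ts, client, _qtype, qname = parts
        if host_in_scope(qname):
            hits.append((ts, client, normalise_host(qname)))
    return hits


# Constructed sample log; the second and fourth lines are hits.
SAMPLE_DNS_LOG = """\
2023-12-20T14:01:58Z 10.0.0.17 A www.microsoft.com
2023-12-20T14:02:11Z 10.0.0.17 A WWW.SAVMPET.COM.
2023-12-20T14:02:12Z 10.0.0.23 AAAA update.savmpet.net
2023-12-20T14:05:40Z 10.0.0.17 A cdn.www.savmpet.com
""".splitlines()

if __name__ == "__main__":
    print(matching_algorithms(b"not the real sample"))  # []
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", *hit)
```

To check a file on disk, pass `open(path, "rb").read()` to `matching_algorithms`; any non-empty result identifies this exact sample, and a partial match (for example MD5 only) would indicate a transcription error in the indicator, not a collision. Widening `host_in_scope` to the parent domain is a policy decision that trades false positives for coverage of sibling hosts the report does not list.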

Targets

    • Target

      bb13440e420c51a76dc5d4c688c69abd

    • Sakula

      Sakula is a remote access trojan; the hostname listed under Malware Config above is the C2 extracted from this sample's configuration.

    • Sakula payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence: the sample can decide whether to run based on the host's configured location. This is a heuristic signature; it shows the registry read, not which locales are excluded.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
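
The "Adds Run key to start application" signature, together with the dropped EXE and DLL, points at the persistence a responder should look for on a suspected host. The script below is an added example, not part of the report and not Triage code: it parses a `reg.exe` export, keeps only values under the standard HKLM/HKCU Run and RunOnce keys, and flags entries whose executable lives in a user-writable staging directory. The registry export is constructed for the example; the list of suspicious directories is an assumption to tune per environment.

```python
import re

# Standard autostart keys under HKLM and HKCU, including the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\"
    r"(SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce))\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')

# Directories an installer rarely autostarts from but a dropper usually does.
# Assumption: tune for the environment; legitimate per-user apps such as
# OneDrive live under AppData\Local and are deliberately not listed.
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")


def unescape_reg_string(s):
    # .reg exports escape embedded double quotes and backslashes.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def image_path(command):
    """Pull the executable path out of a Run value, which may be a bare path
    or a quoted path followed by arguments. An unquoted path containing
    spaces is cut at the first space, which is how Windows resolves it too."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_run_keys(reg_text):
    """Return (key, value_name, command) for every value under a Run/RunOnce
    key in a .reg export. A real export written by reg.exe is UTF-16;
    open it with encoding='utf-16' before passing the text in."""
    entries = []
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = (m.group(1) + "\\" + m.group(2)) if m else None
            continue
        if current_key is None:
            continue  # value belongs to a key we do not care about
        m = VALUE_RE.match(line)
        if m:
            entries.append((current_key, m.group(1), unescape_reg_string(m.group(2))))
    return entries


def suspicious_autostarts(reg_text):
    """Return Run-key entries whose executable sits in a user-writable
    staging directory, the footprint a dropper's persistence usually leaves."""
    flagged = []
    for key, name, command in parse_run_keys(reg_text):
        path = image_path(command)
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            flagged.append((key, name, path))
    return flagged


# Constructed export: one benign per-user app, one dropper-style entry in
# %TEMP%, one machine-wide system entry, and a non-Run key that must be ignored.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\Updater\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayIcon"="C:\\ProgramData\\Foo\\foo.exe"
'''

if __name__ == "__main__":
    for key, name, path in suspicious_autostarts(SAMPLE_REG):
        print(f"suspicious autostart: {key} -> {name} = {path}")
```

Flagged entries are leads, not verdicts: hash the image they point at and compare it with the report's digests, and treat a path under `%TEMP%` that no longer exists as consistent with the "Deletes itself" behaviour recorded above.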

MITRE ATT&CK Enterprise v15

Tasks