General

  • Target: bf867e69a0281772a1cb85e0a566ad34

  • Size: 4.5MB

  • Sample: 231220-rahebsdccl

  • MD5: bf867e69a0281772a1cb85e0a566ad34

  • SHA1: f14483457c82a40c34a2876b56331477b1beca25

  • SHA256: 649c2ef6b04787808f2bb095ba64ad8d91d11cc9fa4c35a6ece16d6ccf6fd1f2

  • SHA512: 3c114090a9c1654c1e67d7f5bb2be4d3856a0db8eb84903bb171284667817ab314cbebb59710fcee54c8ede0831437efcb7dba0f086905c2ac7b01f5912de37d

  • SSDEEP: 24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMYp:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaYp

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks