General

  • Target

    c6a39b44ecdb5f32e9b9081ce3556ab5

  • Size

    321KB

  • Sample

    231220-rrgt5aagap

  • MD5

    c6a39b44ecdb5f32e9b9081ce3556ab5

  • SHA1

    0a26d32fcb9ccad529df099652a4bdee5457942a

  • SHA256

    f04d0a101eb79d7d065c7921fa22849b8f060bde7ae350b0746d422f5eb99b73

  • SHA512

    b5fe29fb559d3c2939ffe4ec7932705001f46f832818fab56fdb3b11f8fb55afc3430fab12a8fcc982fbd1b88c60ed950c18782c374492b84f1eb4925cd83169

  • SSDEEP

    1536:aoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJv:F0hpgz6xGhTjwHN30BE8BsZhX

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks