General

  • Target

    fa685918b7320ca926400a3bc190bc49

  • Size

    191KB

  • Sample

    231220-v8236shfgp

  • MD5

    fa685918b7320ca926400a3bc190bc49

  • SHA1

    d4aa058377deb43d54e7213c60882db4b7447dcf

  • SHA256

    58eb20bc2754f2f80ef27a7d205d694fa6aca669c60047b9f513cafa09d60f96

  • SHA512

    e864e24b556d01719d8e88011f9d89961429f5171e60616aa1f07d975b86329e9edf404bd442a9c779c6278751dd65be791c911431bf6635d380970a55ff8297

  • SSDEEP

    1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTn8:h0hpgz6xGhTjwHN30BE8BsZ8

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
