Overview

overview

10

Static

static

10

cae80def53...AS.exe

windows7-x64

10

cae80def53...AS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cae80def5320d2025543a59655339730_NEAS

  • Size

    43KB

  • Sample

    240507-sv64vsch9y

  • MD5

    cae80def5320d2025543a59655339730

  • SHA1

    859f745e7fe2dc3096ee8e5a1e33537a6da83d0d

  • SHA256

    bfbc960adefcc4978bbc1ebcc92c124ff5720faa6fc5c85b9fc2ad91e708b5e4

  • SHA512

    82ab455277862f7e9a8b5ac2683586e5332a19c99518317e370ccca1154c2c54a83507fa94662dee0f7521b3dc7cd11af60b8be249907265c4aebd2b0d5cf46c

  • SSDEEP

    768:FUiX34HOc2Lsh7mfUolW/xtNEM5iZhcOL0tTChQEgHDR7:VYE4Z4lsjNbtNEq7

Score
10/10
sakulapersistencerattrojanupx

Malware Config

Targets

    • Target

      cae80def5320d2025543a59655339730_NEAS

    • Size

      43KB

    • MD5

      cae80def5320d2025543a59655339730

    • SHA1

      859f745e7fe2dc3096ee8e5a1e33537a6da83d0d

    • SHA256

      bfbc960adefcc4978bbc1ebcc92c124ff5720faa6fc5c85b9fc2ad91e708b5e4

    • SHA512

      82ab455277862f7e9a8b5ac2683586e5332a19c99518317e370ccca1154c2c54a83507fa94662dee0f7521b3dc7cd11af60b8be249907265c4aebd2b0d5cf46c

    • SSDEEP

      768:FUiX34HOc2Lsh7mfUolW/xtNEM5iZhcOL0tTChQEgHDR7:VYE4Z4lsjNbtNEq7

    Score
    10/10
    sakulapersistencerattrojanupx

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks