General

  • Target

    45bd688a2af2f726b45f46a69e01bd20N.exe

  • Size

    43KB

  • Sample

    240715-abnt3aydjk

  • MD5

    45bd688a2af2f726b45f46a69e01bd20

  • SHA1

    311c408a1f0c1b660b5c85eb62432e6415fabb49

  • SHA256

    e4e087540820a2b9d931a09e20b8f8f6599f33b57400ae88dabf093a86e30ef6

  • SHA512

    a6b59a2b4dba9d36ac0ad9d1dcf282fb9bf82ffa040066de61d787bec063c03ee6567672750c500efba2c1a74ec11072dd5469b6e4b558a46ad46542dad2502e

  • SSDEEP

    768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqf:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8l

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application
