Overview

overview

10

Static

static

10

6fa4e472c5...42.exe

windows7-x64

10

6fa4e472c5...42.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c38edf800f47a975989b56e6f11a9dc.zip

  • Size

    38KB

  • Sample

    240901-yg4pgazekq

  • MD5

    19cfe66d2b94e3b72b1c6b26452fd59c

  • SHA1

    70e545a8c1d28d48f33f66a0abeac216b868a68b

  • SHA256

    6831f1cfe762bde27b251e73f95c2923f2a810595c1bfa5bf391a234b828a519

  • SHA512

    e2b213dd933631b21db4aed0fbbe243387961691583c8de2163484f7cc93ebcccb32651933ce8e26b2586f4782f5e1f0163570e3f7cee38f0244dbd8be0da900

  • SSDEEP

    768:B7O94X/iEwFk8TQL+J6Z5f0vj3HXp5QVxxv/u2bUa0KH3ROaog/gvca2V/mjl:B7we7wXTI5f0T38n5/u2bUaF8aoca2Vu

Score
10/10
sakuladiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42

    • Size

      100KB

    • MD5

      3c38edf800f47a975989b56e6f11a9dc

    • SHA1

      f5fe5bb719823c94831fecd892f999f5d6e2202e

    • SHA256

      6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42

    • SHA512

      e81cd605786683baadf17c86a48f6b5f8c94bf246bcc69df3554f5ce60cd1a8cd2c045bd1c3ee4236cf0e5cd52d0645dbdcc2f9afa7683b20dcd8958635c519f

    • SSDEEP

      1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrnx:K0hpgz6xGhZamyF30Bbx

    Score
    10/10
    sakuladiscoverypersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks