General

  • Target

    e6196677c28d239bd9eea66338506577

  • Size

    108KB

  • Sample

    240906-dpzehatdmc

  • MD5

    e6196677c28d239bd9eea66338506577

  • SHA1

    5f2b01bf46a23712f2a46b5d2bed7438928c8af5

  • SHA256

    a5f110157d2b982a9efc913fdfc3d1ccae4e04555d03fc517026dd5a9258c6f9

  • SHA512

    7b10b4126548daf4a7fc8cc959889503125059e1b104d6ce8987271e0ce79a46cb26ad0541d2c1fb5a0305699602deaef7754ccd2bab84fabbfc246861a31e71

  • SSDEEP

    1536:Coaj1hJL1S9t0MIeboal8bCKxo7h0RPNqINz30rtr6W:N0hpgz6xGh2qIF30BGW

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan (RAT) with a range of capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

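The signature list above is a summary of what the sandbox observed; the following is an added triage example (not code from the sandbox or from any Sakula analysis) that maps a behaviour trace back to those same signature names and checks a file against the hash IOCs in the report header. The trace, its field names, the drop directory, the Run-key name and the registry keys used for the location check are all constructed assumptions for illustration; only the hashes and signature names come from the page.

```python
"""Triage helper for the behaviours listed in this report.

Added example, not code from the sandbox or from the Sakula analysis. TRACE
is a constructed, simplified behaviour log (sandbox/Sysmon-style records
flattened into dicts); the field names, paths, Run-key name and registry
keys are this script's own assumptions, not artefacts observed from the sample.
"""
import hashlib
import re

# Hash IOCs copied from the report header.
REPORT_HASHES = {
    "md5": "e6196677c28d239bd9eea66338506577",
    "sha1": "5f2b01bf46a23712f2a46b5d2bed7438928c8af5",
    "sha256": "a5f110157d2b982a9efc913fdfc3d1ccae4e04555d03fc517026dd5a9258c6f9",
}

SAMPLE = r"C:\Users\user\Desktop\e6196677c28d239bd9eea66338506577.exe"  # assumed launch path
DROP_DIR = r"C:\Users\user\AppData\Roaming\updater"                      # constructed drop dir

# Constructed trace: one run of the sample, in the order a sandbox would log it.
TRACE = [
    {"kind": "process_create", "pid": 100, "ppid": 1, "image": SAMPLE,
     "cmdline": '"' + SAMPLE + '"'},
    # Assumed geofence lookup; the report does not name the key that was read.
    {"kind": "registry_read", "pid": 100,
     "target": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"kind": "file_create", "pid": 100, "target": DROP_DIR + r"\update.exe"},
    {"kind": "file_create", "pid": 100, "target": DROP_DIR + r"\update.dll"},
    {"kind": "registry_set", "pid": 100,
     "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": DROP_DIR + r"\update.exe"},
    {"kind": "process_create", "pid": 200, "ppid": 100,
     "image": DROP_DIR + r"\update.exe", "cmdline": '"' + DROP_DIR + r'\update.exe"'},
    {"kind": "image_load", "pid": 200, "target": DROP_DIR + r"\update.dll"},
    {"kind": "process_create", "pid": 300, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c del "' + SAMPLE + '"'},
]

# Registry locations assumed to hold the configured country/locale (assumption, see lead-in).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\|\\Control\\Nls\\Language\\", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DELETE_VERB = re.compile(r"\b(del|erase)\b", re.I)


def match_signatures(trace):
    """Return the report's signature names, in order of first observation."""
    hits = []
    dropped = set()   # lower-cased paths written by any process in the trace
    image_of = {}     # pid -> image path, so a child's command line can be tied to its parent

    def add(name):
        if name not in hits:
            hits.append(name)

    for ev in trace:
        kind = ev["kind"]
        target = ev.get("target", "").lower()
        if kind == "process_create":
            image_of[ev["pid"]] = ev["image"]
            if ev["image"].lower() in dropped:
                add("Executes dropped EXE")
            parent = image_of.get(ev["ppid"], "")
            # Self-deletion through a helper shell: parent spawns "cmd /c del <parent path>" (T1070.004)
            if parent and DELETE_VERB.search(ev["cmdline"]) and parent.lower() in ev["cmdline"].lower():
                add("Deletes itself")
        elif kind == "file_create":
            dropped.add(target)
        elif kind == "file_delete":
            # Direct self-deletion: a process removes its own image
            if image_of.get(ev["pid"], "").lower() == target:
                add("Deletes itself")
        elif kind == "image_load":
            if target.endswith(".dll") and target in dropped:
                add("Loads dropped DLL")
        elif kind == "registry_set":
            if RUN_KEY.search(ev["target"]):
                add("Adds Run key to start application")   # T1547.001
        elif kind == "registry_read":
            if GEO_KEY.search(ev["target"]):
                add("Checks computer location settings")    # T1614
    return hits


def matches_report_hashes(data):
    """True only if every hash listed in the report matches the supplied bytes."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    for name in match_signatures(TRACE):
        print("[+]", name)
```

The "Executes dropped EXE" and "Loads dropped DLL" rules deliberately key on files the trace itself saw being written rather than on a fixed path list, so they survive a renamed drop directory; the location check and Run-key rules are the fragile part and should be kept in sync with the keys your sandbox actually records.
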
MITRE ATT&CK Enterprise v15

Tasks